I have a problem, I am writing a system for an company and I want it to be as secure & robust as possible, but now I'm stuck. I have a product list, where a logged-in employee can edit, delete or emit (print) specifications about a product.
Let's assume I'm a logged-in employee on that system. When I click a product from the product list and then click on emit (print), javascript will send data over POST to the next page (Yes, it must be JS, because of the design of the page).
So the next page is displayed with correct info about that product (because POST passed the product id to the next page, which then realized an SQL query and fetched all info).
Now, on that page, I can verify if all info is correct and then click again on emit (print) to finally print the specifications. But here I came across a caveat: How will the next page know the product ID? I can't use POST, because there's nothing to post..
Cookies are designed for such stuff, but I think that when I'm logged in two tabs on the same browser and then click print on both tabs at once, the same Cookie will get called twice and overwritten twice (conflict), and, consequently, product id's could get swapped.
$_SESSION I believe I can't use too, because if two users are logged on the same Machine, data could get swapped too, just like in cookies.
Now, what is the 'best' practice to pass data between pages that "supports" multiple concurrent users on the same machine, and even in the same browser?
