Re: Avoid 'GET' method

Posted by Peter Fox on 07/19/05 12:06

Following on from Malcolm Dew-Jones's message. . .
>el_roachmeister@yahoo.com wrote:
>: Is there a way to make a text link post to a form without passing all
>: the parameters in the url? The urls tend to get very long and messy. I
>: often wonder if there is a limit to how long they can get?
>
>One possible technique
>
>Use sessions.
>
>Create a session for a user.
>
>When you generate the table with all the links, save the details of each
>link as part of the session, and index the details via an id, and use that
>id in the link instead of the details.
>
> <a href="mysite.com/myscript.php?the-id=A57">click here</a>
>
And if your record ids are 1,2,3 ... 45,46,47 etc then you need to
protect that id from being known or accessible or usable from the
'hidden' information. [Even if you use large random numbers for record
IDs this only protects against peeking at another customer's record etc
(and then not perfectly) and it means that for example
"?CN=123456789&ACTION=DENY" is an invitation to use the same CN with
other actions.]

So, one method is to create a record in the session (array) of
parameters and a dynamically generated random number. The link now looks
like "?LNK=152482763" with 152482763 referencing something in the
session. The next time the exact same link is generated (same customer,
same action say) there will be a completely different random number.

This works for page-to-page links and also URLs embedded into emails.
(In the latter case store the info in a table. - I have a class that
encapsulates this nicely with extra functions for things like expiry and
deleting all options when one is chosen - I suppose I ought to start
publishing some of my useful classes.)


--
PETER FOX Not the same since the e-commerce business came to a .
peterfox@eminent.demon.co.uk.not.this.bit.no.html
2 Tees Close, Witham, Essex.
Gravity beer in Essex <http://www.eminent.demon.co.uk>
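
The session-stored link scheme described in this post, sketched in PHP as an added example; it is not Peter Fox's class or code from the thread. The function names, the `group` field and the 15-minute lifetime are assumptions, and a hex token from `random_bytes` stands in for the decimal number shown in the post.

```php
<?php
// Added example: opaque link tokens whose real parameters stay server-side.
// link_create, link_resolve, 'group' and LINK_TTL are illustrative names.

const LINK_TTL = 900; // seconds a link stays valid (constructed value)

// Store the real parameters in $store and return only a random token.
function link_create(array &$store, array $params, string $group = ''): string
{
    $token = bin2hex(random_bytes(16)); // 128-bit CSPRNG value, new on every call
    $store[$token] = ['params' => $params, 'group' => $group, 'exp' => time() + LINK_TTL];
    return $token;
}

// Resolve a token to its parameters, or null if it is unknown or expired.
// A token is single-use; using it also deletes every other token in its group.
function link_resolve(array &$store, string $token): ?array
{
    if (!isset($store[$token])) {
        return null;                    // guessed or already-used token
    }
    $entry = $store[$token];
    unset($store[$token]);
    if ($entry['exp'] < time()) {
        return null;                    // expired
    }
    if ($entry['group'] !== '') {
        foreach ($store as $t => $e) {  // drop the sibling options
            if ($e['group'] === $entry['group']) {
                unset($store[$t]);
            }
        }
    }
    return $entry['params'];
}

// Demo: a plain array stands in for $_SESSION['links'] so this runs from the CLI.
$links = [];
$allow = link_create($links, ['CN' => 123456789, 'ACTION' => 'ALLOW'], 'cn-123456789');
$deny  = link_create($links, ['CN' => 123456789, 'ACTION' => 'DENY'], 'cn-123456789');
echo "<a href=\"?LNK=$deny\">deny</a>\n"; // the URL carries no CN and no ACTION

var_dump(link_resolve($links, $deny));  // the chosen option
var_dump(link_resolve($links, $allow)); // the other option from the same group
var_dump(link_resolve($links, 'A57'));  // a token that was never issued
```

In a web request, pass `$_SESSION['links']` as the store after `session_start()`; for links sent by email the same two functions would read and write a database table instead, as the post suggests.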
