Do I need to create a sessionID or cookie?

Report · Jun 05, 2006

Hi ppl,

I have a simple form which submits to an Access db and redirects to a thanks.asp page displaying the contents entered into the form - basic stuff and all working like a dream.

Scenario - My problem is that if a user goes to the form and completes it to get to the thanks page, they could in theory refresh the page after another user has completed the form and then see the other users information instead of their own.

My page is simply displaying the last record entered using ORDER BY DESC in my SQl.

Can someone guide me in the right direction of how to do this correctly so that a form user will only ever see data they have personally entered. Do I need to create a session or use cookies? I have not done this before and so would welcome any pointers as to how this is done correctly.

Thanks as always

Jules

Report · Jun 05, 2006

What does your form do? What are your users looking at? IS it just a
profile page, or something they're going to coem back to often? Do they
login to your site, or do they just submit info once?

Report · Jun 05, 2006

If you can make changes to the db structure, I'd add a "Timestamp" field to
the record, with the default value set to get the current date/time, I
believe it's Now() in Access.

However, on the .asp page I would modify the SQL to insert Now() into the
Timestamp field as part of the insert transaction. Ideally you'd want the
time to be as precise as possible to avoid duplicates: Month, Day, Year,
Hour, Minute, Second, Millisecond if possible.

So, the sql inserts all the fields for the record including a value for the
Timestamp. Then pass that timestamp value over to the thanks page and pull
the record out that has the matching timestamp.

I think it's safe to say that no value of MM

D:YY::HH::MM::SS::MS will be
equivalent to another.

It would be better to insert the record and retrieve the ID of the newly
inserted record and use that versus Timestamp, but it's still good practice
to have a Timestamp field.

Ron

"Julesmg" <webforumsuser@macromedia.com> wrote in message
news:e6217m$bs2$1@forums.macromedia.com...
> Hi ppl,
>
> I have a simple form which submits to an Access db and redirects to a
> thanks.asp page displaying the contents entered into the form - basic
> stuff and
> all working like a dream.
>
> Scenario - My problem is that if a user goes to the form and completes it
> to
> get to the thanks page, they could in theory refresh the page after
> another
> user has completed the form and then see the other users information
> instead of
> their own.
>
> My page is simply displaying the last record entered using ORDER BY DESC
> in my
> SQl.
>
> Can someone guide me in the right direction of how to do this correctly so
> that a form user will only ever see data they have personally entered. Do
> I
> need to create a session or use cookies? I have not done this before and
> so
> would welcome any pointers as to how this is done correctly.
>
> Thanks as always
>
> Jules

>

Report · Jun 05, 2006

Hi RYoung, I understand what you are getting at but the timestamp (in it's own right) would simply be just another record field. If the user refreshed the page after another user had entered information into the form, the page would simply refresh with the latest record ans the timestamp recorded accordingly.

Crash - the form is designed to generate a 'voucher' which the user will print and take into a gym to get a discount on a joining fee. The idea is that the user completes the form, and I redirect them to a page (thanks.asp) which prints their name and contact details and also a unique ID number (the primary key number) which is the voucher number.

As I was testing with a remote colleague, I refreshed the thanks.asp page I was looking at when my remote college had completed the form to test it and I saw their details as the thanks.asp page just pulls the last db record.

I am therefore thinking I need to generate a unique sessionID for the user but do not know if or how to do this.

Thanks everyone.

Jules

Report · Jun 05, 2006

What language are you using? It's 5 here, and I'm getting ready to sp.ilt,
but if yo udon't have an answer by tomorrow AM, I'll be back.

1. Uesr comes to page, fills out information
2. On Page load, we Create SessionID using Timestamp, part of a timestamp,
or whatever (Custom code)
3. Insert form info into database (Did you do this within DW?), use a "ID"
field other than PK to publish our sessionID
3. Recordset filtered by Session variable will pull up appropriate record

I don't do enough ASP to write this for you ,but that might be close enough
to get you started.

Report · Jun 05, 2006

The insert would look something like so:

Dim timestamp
timestamp = Now()
Insert Into Table(Field1, Field2, TimeStamp)Values(Value1, Value2,
timestamp)

Response.Redirect("thanks.aspx?ts=<%= timestamp %>")

Then on thanks.asp

Dim timestamp
timestamp = Request.Querystring("timestamp")
Dim sqlSelect
sqlSelect = "Select * From Table Where Timestamp = #" & timestamp & "#"

There would be no need to select the last record inserted when you can
filter it with the timestamp.

Ron

"Julesmg" <webforumsuser@macromedia.com> wrote in message
news:e62964$lmu$1@forums.macromedia.com...
> Hi RYoung, I understand what you are getting at but the timestamp (in it's
> own
> right) would simply be just another record field. If the user refreshed
> the
> page after another user had entered information into the form, the page
> would
> simply refresh with the latest record ans the timestamp recorded
> accordingly.
>
> Crash - the form is designed to generate a 'voucher' which the user will
> print
> and take into a gym to get a discount on a joining fee. The idea is that
> the
> user completes the form, and I redirect them to a page (thanks.asp) which
> prints their name and contact details and also a unique ID number (the
> primary
> key number) which is the voucher number.
>
> As I was testing with a remote colleague, I refreshed the thanks.asp page
> I
> was looking at when my remote college had completed the form to test it
> and I
> saw their details as the thanks.asp page just pulls the last db record.
>
> I am therefore thinking I need to generate a unique sessionID for the user
> but
> do not know if or how to do this.
>
> Thanks everyone.
>
> Jules
>

Report · Jun 05, 2006

What server language are you using?

--
Paul Whitham
Certified Dreamweaver MX2004 Professional
Adobe Community Expert - Dreamweaver

Valleybiz Internet Design
www.valleybiz.net

"Julesmg" <webforumsuser@macromedia.com> wrote in message
news:e62964$lmu$1@forums.macromedia.com...
> Hi RYoung, I understand what you are getting at but the timestamp (in it's
> own
> right) would simply be just another record field. If the user refreshed
> the
> page after another user had entered information into the form, the page
> would
> simply refresh with the latest record ans the timestamp recorded
> accordingly.
>
> Crash - the form is designed to generate a 'voucher' which the user will
> print
> and take into a gym to get a discount on a joining fee. The idea is that
> the
> user completes the form, and I redirect them to a page (thanks.asp) which
> prints their name and contact details and also a unique ID number (the
> primary
> key number) which is the voucher number.
>
> As I was testing with a remote colleague, I refreshed the thanks.asp page
> I
> was looking at when my remote college had completed the form to test it
> and I
> saw their details as the thanks.asp page just pulls the last db record.
>
> I am therefore thinking I need to generate a unique sessionID for the user
> but
> do not know if or how to do this.
>
> Thanks everyone.
>
> Jules
>