Verify my form workflow

Posted by Shackrock on Stack Overflow See other posts from Stack Overflow or by Shackrock
Published on 2011-11-13T16:55:43Z Indexed on 2011/11/13 17:50 UTC
Read the original article Hit count: 360

Filed under:
|
|

I have a form, with some sensitive info (CC numbers). My work flow is:

  • One page to take all form items
  • Upon submission, values are validated. If all is well, all data is stored in a session variable, and the page reloads and displays this info from the session variable.
  • If everything is ok on the review page, the user clicks submit and the session variable is sent to another form for processing (sending payment).
  • Upon success, the session is destroyed. Upon failure (bad CC number, for example) - the user is sent back to the form, with all of the fields filled in just like before, so that they can check for errors and try again (session is NOT destroyed).

Does anyone see anything wrong with this, from a security or best practices stand point?

UPDATE I'm thinking I can get rid of a step - storing the info in a session EVER. Just have a one page checkout, no review page... makes sense.

© Stack Overflow or respective owner

Related posts about php

Related posts about security