Geoff Soper wrote:
> I'm working on an authentication system in which it's possible that a user
> might be requested to log-in as a result of submitting a form if the
> inactivity timeout is exceeded. In order that they don't lose the
> information in the form I would like to capture this information ($_RESULT),
> serialise it and store it in their session. After they've successfully
> logged in I would like to retrieve this information and put it back in
> $_RESULT so the user can carry on with what they were doing. Is $_RESULT
> meant to be writable in this wayand is there any reason why this isn't a
> good idea?

I assume by $_RESULT you mean $_REQUEST?

To store it:

foreach ($_REQUEST as $key=>$value) {
$_SESSION['REQUEST'][$key] = $value;
}

This will simply store all the $_REQUEST variables in the session as the
array $_SESSION['REQUEST']

Then to get it back:

foreach ($_SESSION['REQUEST'] as $key=>$value) {
$_REQUEST[$key] = $value;
}

Or, if they fail the login, destroy the array:
unset($_SESSION['REQUEST']);

If you don't want to store all the $_REQUEST vars but only some of them
you can just use a switch-statement before storing them.

foreach ($_REQUEST as $key=>$value) {
switch ($key) {
case "var_to_keep":
case "another_var_to_keep":
case "yet_another_var_to_keep":
$_SESSION['REQUEST'][$key] = $value;
break;
default:
break;
}
}

Just make sure you call session_start(); on the pages where you want to
use this, or the $_SESSION variables won't be carried over.

Hope that helps :)


Roy W. Andersen
--
ra at broadpark dot no / http://roy.netgoth.org/

"Hey! What kind of party is this? There's no booze
and only one hooker!" - Bender, Futurama