Storing accepted terms and conditions flag in a web application

Question

The software I am currently bug fixing for, has an issue where multiple pages require a terms and conditions to be accepted. The issue is once accepted, it should never pop up again.

I want to store a flag somewhere that checks before redirecting to the terms and conditions page to check if it has already been checked.

I was just wondering, what is best practice to store this value e.g in a cookie, or in session?

Answer 1

Since you wrote "it should never pop up again", I guess cookies are better option. Imagine situation when user closes browser window by mistake. Do you want your application to remember that terms and conditions were accepted? Or what happens when user come again tomorrow? You should probably use "persistent cookies" and set cookie expiration date.

However, I can see another issue with your design: In order to make a sense to whole mechanism of "accepting terms and condition", you need at least basic info about the user (username, e-mail, age, address). Otherwise, what's a point to remember that "acceptance" if you can not relate it to some user?

If you need a evidence someone accepted something, you need a record in your database, right? And if you have that record, you can use application logic to decide whether to redirect to "terms and condition" or not.