Multi step form and dealing with sensitive data?
13-06-2021
Question
I currently have a multi-step form set up in my CodeIgniter app and I am just wondering the best way to set it up, because it will hold sensitive data. At the moment I have a 5-page form which uses AJAX to validate each step and then redirect to the next step. I have included a 'back' button on each step, and the form is populated with the data they have just entered from DB sessions I have created; I am just wondering if this is a wise thing to do or not. Or should I restrict them from being able to go back to a previous step, even though this may frustrate the user? I am destroying the sessions on form submit.
Thanks in advance :)
Solution
PHP sessions are very secure, assuming that you have full control over your server. In regard to security though, I would suggest only using AJAX over a secure connection, otherwise everything sent back and forth will be readable in plain text.
There are a few things to note when dealing with PHP sessions and security:
- Ensure the correct permissions are given to the session files on disk.
- Use SSL when authenticating users, but more importantly...
- ... Regenerate the session ID every time the user logs in/out or gains privileges.
- Store auth data in the session, not a cookie.
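The following is an added example, not code from the question or the answer above, showing the answer's points applied to a multi-step form in plain PHP: the session cookie is restricted to HTTPS and hidden from page scripts, the session ID is regenerated when the wizard starts and when it finishes, only server-side validated data is kept, the "back" button is served from the session (escaped on output) rather than from anything the client sends, and the sensitive data is removed on final submit. The field names, validators, function names and the three-step layout are assumptions for illustration; the array form of `session_set_cookie_params` needs PHP 7.3 or later.

```php
<?php
declare(strict_types=1);

// Session hardening: these settings must be applied before session_start().
ini_set('session.use_strict_mode', '1');   // refuse session IDs the server did not issue
ini_set('session.use_only_cookies', '1');  // never read the session ID from the URL
session_set_cookie_params([
    'lifetime' => 0,          // session cookie, dropped when the browser closes
    'path'     => '/',
    'secure'   => true,       // only ever sent over HTTPS (see the answer above)
    'httponly' => true,       // not exposed to page scripts
    'samesite' => 'Strict',
]);
session_start();

// Validation rules per step. Field names are made up for this example.
const STEP_RULES = [
    1 => ['full_name' => 'validate_name'],
    2 => ['email'     => 'validate_email'],
    3 => ['phone'     => 'validate_phone'],
];
const LAST_STEP = 3;

function validate_name(string $v): ?string  { return preg_match('/^[\p{L} \'.-]{2,80}$/u', $v) ? $v : null; }
function validate_email(string $v): ?string { return filter_var($v, FILTER_VALIDATE_EMAIL) ?: null; }
function validate_phone(string $v): ?string { return preg_match('/^\+?[0-9 ]{6,20}$/', $v) ? $v : null; }

/** Start (or restart) the wizard: fresh session ID, fresh CSRF token, no data yet. */
function form_begin(): void
{
    session_regenerate_id(true);   // new ID; the old session file is deleted
    $_SESSION['form'] = ['steps' => [], 'csrf' => bin2hex(random_bytes(32))];
}

/** Validate and store one step. Returns a list of error messages (empty on success). */
function form_save_step(int $step, array $post): array
{
    if (!isset($_SESSION['form']) || !isset(STEP_RULES[$step])) {
        return ['Form session expired; please start again.'];
    }
    // Every AJAX step request must carry the CSRF token issued to this session.
    if (!hash_equals($_SESSION['form']['csrf'], (string)($post['csrf'] ?? ''))) {
        return ['Invalid request token.'];
    }
    // A step may only be saved once all earlier steps are complete. This is what
    // lets the user go back freely without being able to skip forward.
    for ($s = 1; $s < $step; $s++) {
        if (!isset($_SESSION['form']['steps'][$s])) {
            return ["Complete step $s first."];
        }
    }
    $clean  = [];
    $errors = [];
    foreach (STEP_RULES[$step] as $field => $validator) {
        $value = $validator(trim((string)($post[$field] ?? '')));
        if ($value === null) {
            $errors[] = "Invalid value for $field.";
        } else {
            $clean[$field] = $value;
        }
    }
    if ($errors === []) {
        $_SESSION['form']['steps'][$step] = $clean;   // only validated data is kept
    }
    return $errors;
}

/** Data to repopulate a step when the user presses "back", escaped for HTML output. */
function form_step_view(int $step): array
{
    $data = $_SESSION['form']['steps'][$step] ?? [];
    return array_map(fn(string $v): string => htmlspecialchars($v, ENT_QUOTES, 'UTF-8'), $data);
}

/** Final submit: hand the merged data to the caller, then wipe it from the session. */
function form_finish(callable $persist): bool
{
    $steps = $_SESSION['form']['steps'] ?? [];
    if (count($steps) !== LAST_STEP) {
        return false;                 // not every step has been completed
    }
    $persist(array_merge(...array_values($steps)));
    unset($_SESSION['form']);         // the sensitive data leaves the session
    session_regenerate_id(true);      // and the session file that held it is removed
    return true;
}
```

The same principles carry over unchanged to CodeIgniter's database session driver that the question mentions: the data lives only on the server side, the browser holds nothing but the session ID, so letting the user go back is no less safe than showing them the final step. Regenerating the ID on both entry and exit is the concrete form of the answer's "regenerate the session ID every time the user gains privileges", and with `session_regenerate_id(true)` the old record is deleted rather than left behind with the form data still inside it.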