• Post Reply Bookmark Topic Watch Topic
  • New Topic

what is the disadvantage of hidden form fields during session tracking?

 
senthil sen
Ranch Hand
Posts: 184
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
what is the disadvantage of hidden form fields during session tracking?
 
William Brogden
Author and all-around good cowpoke
Rancher
Posts: 13078
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The disadvantage is that every user action must result in the submission of a form or you lose the data. This limits the sort of HTML you can put on the page.
Bill
 
Kyle Brown
author
Ranch Hand
Posts: 3892
5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Size also. Since hidden fields put all previous data on each form as you go through several forms the pages transmitted get bigger, and bigger, and bigger -- taking longer, and longer, and longer to load.
Kyle
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You don't have to store all of the sesison data as hidden fields, you can just pass a custom session ID and maintain the session on your own on the server. Still not recommended, but its a possibility.
If you are sending all of the data back and forward as hidden variables, you must be aware that the hidden data can't be trusted. There is nothing stopping people from submitting data on page one then altering this data on page three via some HTTP trickery.
This happened on a shopping site where they calculated the price and held it as a hidden field, but users could change this to whatever they were prepared to pay!
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!