I'm not sure why this is happening and I tried doing some searches, but I haven't come across anything. Basically, in "form.php" I have a form. And I process the form in "formprocess.php". Now, through my verifying/sanitizing, if there was a problem with information submitted, "formprocess.php" handles it, and then tells the user to click on the back button on the browser (or the one that I supply).
Now here's the weird thing. If I don't use sessions, when the user clicks to go back to the form, their information is preserved in the form. However, if I try to add sessions to the page (as a hidden token to help prevent CSRF), if the user makes a mistake and has to go back to the form, their entered information is cleared. Has anyone seen this? I'm pretty sure it's the sessions that are doing it, because if I comment out the session code, it works fine and preserves the user's inputted info on the form.
Here's basically what I have on "form.php":
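<?php
session_start();
// Draw the CSRF token from the CSPRNG; md5(uniqid(mt_rand(), true)) is guessable.
$secret = bin2hex(random_bytes(32));
$_SESSION['secret'] = $secret;
?>
<input type="hidden" name="secret" value="<?php echo htmlspecialchars($secret, ENT_QUOTES, 'UTF-8'); ?>" />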
And on "formprocess.php":
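<?php
session_start();
// errorcheck() is the site's own error handler, defined elsewhere.
if (!isset($_POST['secret']))
{
    errorcheck(2, 'User attempted accessing "addlistingprocess.php" without going through "addlisting.php".');
}
// Test that both values exist before comparing them, and compare with
// hash_equals() so the check is constant-time and free of type juggling.
if (!isset($_SESSION['secret'], $_POST['secret'])
    || !is_string($_POST['secret'])
    || !hash_equals($_SESSION['secret'], $_POST['secret']))
{
    //Call error handling function with $problem = 2 (minor security breach)
    errorcheck(2, 'User attempted accessing "addlistingprocess.php" without going through "addlisting.php".');
}
else
{
    //unset() session variable
    //unset($_SESSION['secret']);
}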
What in this code could be causing the form fields to clear? Thanks!!!
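An added example, not part of the original post: with PHP's default `session.cache_limiter` value (`nocache`), `session_start()` sends `Cache-Control: no-store, no-cache` headers, so the browser re-requests "form.php" on Back instead of restoring the filled-in page. The sketch below relaxes the limiter and keeps one token per session so a restored copy of the form still validates; the helper names `start_form_session`, `csrf_token` and `csrf_valid` are hypothetical, and the inputs at the bottom are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers shared by form.php and formprocess.php.

function start_form_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    // Must run before session_start(). "private_no_expire" lets only the
    // user's own browser keep the page, so Back can restore it with the
    // typed values instead of fetching a fresh, empty form.
    session_cache_limiter('private_no_expire');
    session_start();
}

function csrf_token(): string
{
    // One token per session rather than one per page load: a copy of the
    // form restored from the browser cache still carries a valid value.
    if (empty($_SESSION['secret'])) {
        $_SESSION['secret'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['secret'];
}

function csrf_valid(array $post): bool
{
    $sent  = $post['secret'] ?? null;
    $known = $_SESSION['secret'] ?? null;
    // Type checks first: hash_equals() throws on non-string arguments,
    // and a missing session token must never count as a match.
    return is_string($sent) && is_string($known) && hash_equals($known, $sent);
}

// Constructed inputs standing in for $_POST on formprocess.php.
start_form_session();
$token = csrf_token();
$cases = [
    'matching token' => ['secret' => $token],
    'wrong token'    => ['secret' => str_repeat('0', 64)],
    'array payload'  => ['secret' => ['x']],
    'missing field'  => [],
];
foreach ($cases as $label => $post) {
    printf("%-15s %s\n", $label, csrf_valid($post) ? 'accepted' : 'rejected');
}
```

Because the token is reused for the life of the session, it should not be `unset()` after a failed validation, or the restored form would be rejected on resubmission.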