Hi, I'm wondering what generally recommended practice is for handling session timeouts prior to a form being submitted.
The problem is this:
- User is at a form. Then, they have no session. This could be because they dawdle at filling out the form, or because they clear out their cookies, or for some other reason. In any case, it does not really matter why their session no longer exists, since it isn't really possible for the server to determine the reason.
- They submit said form
- Because their session is timed out, they are generally redirected to the login page
- Then redirected back to the submission url, and all of the form values are gone.
One idea that occurs to me is storing the submitted form values somewhere (perhaps in JSON format) and then retrieving them after the login.
Another option would be changing the code that checks for security and ignoring it if it's a form submission. This, to me, sounds like a terrible idea.
This must be something that comes up from time to time. I'm interested in finding out how people have resolved this issue.
Seems like this is a pretty language-agnostic problem, so I'm open to solutions in any programming language although PHP, Django, and ColdFusion are the ones I'm most familiar with.