Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

General Questions /

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

How to delete session immediately - sensitive data


Reply


3 Posts   259 Views

Avatar
vwd

Community Member, 159 Posts

28 January 2014 at 4:24pm

Edited: 28/01/2014 4:28pm

Hi,

I'm creating a form that handles sensitive data which isn't to be stored on the server.

How can I ensure that the session files that are created, are deleted immediately after the form submission?

Should I be calling Session::destroy() or Session::clear_all()?

A couple of questions:

  • * Are there any implications I should be aware of?
  • * The user doesn't need to be logged in, but if they were logged in, would that cause them to be logged out if I called Session::destroy() or Session::clear_all()?
  • * Is it possible to just clear the session variables related to the form's sensitive data?

Thanks very much.
VWD.

Avatar
simon_w

Forum Moderator, 474 Posts

28 January 2014 at 6:37pm

Forms only store the data in the session on validation failure. The data is then removed from the session as soon as the form has been displayed back to the user with their previous information. There is no need for you to be clearing the session yourself.

Avatar
vwd

Community Member, 159 Posts

28 January 2014 at 6:54pm

Thanks Simon - that's good to know. Thanks for your reply.

VWD