Jump to:

23478 Posts in 18941 Topics by 2878 members

General Questions

SilverStripe Forums » General Questions » How to delete session immediately - sensitive data

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Page: 1
Go to End
Author Topic: 242 Views
  • vwd
    Avatar
    Community Member
    158 Posts

    How to delete session immediately - sensitive data Link to this post

    Hi,

    I'm creating a form that handles sensitive data which isn't to be stored on the server.

    How can I ensure that the session files that are created, are deleted immediately after the form submission?

    Should I be calling Session::destroy() or Session::clear_all()?

    A couple of questions:

    • * Are there any implications I should be aware of?
    • * The user doesn't need to be logged in, but if they were logged in, would that cause them to be logged out if I called Session::destroy() or Session::clear_all()?
    • * Is it possible to just clear the session variables related to the form's sensitive data?

    Thanks very much.
    VWD.

  • simon_w
    Avatar
    Forum Moderator
    473 Posts

    Re: How to delete session immediately - sensitive data Link to this post

    Forms only store the data in the session on validation failure. The data is then removed from the session as soon as the form has been displayed back to the user with their previous information. There is no need for you to be clearing the session yourself.

  • vwd
    Avatar
    Community Member
    158 Posts

    Re: How to delete session immediately - sensitive data Link to this post

    Thanks Simon - that's good to know. Thanks for your reply.

    VWD

    242 Views
Page: 1
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.