Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We've moved the forum!

Please use forum.silverstripe.org for any new questions (announcement).
The forum archive will stick around, but will be read only.

You can also use our Slack channel or StackOverflow to ask for help.
Check out our community overview for more options to contribute.

General Questions /

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo, swaiba

How to delete session immediately - sensitive data


Go to End


3 Posts   768 Views

Avatar
vwd

Community Member, 166 Posts

28 January 2014 at 4:24pm

Edited: 28/01/2014 4:28pm

Hi,

I'm creating a form that handles sensitive data which isn't to be stored on the server.

How can I ensure that the session files that are created, are deleted immediately after the form submission?

Should I be calling Session::destroy() or Session::clear_all()?

A couple of questions:

  • * Are there any implications I should be aware of?
  • * The user doesn't need to be logged in, but if they were logged in, would that cause them to be logged out if I called Session::destroy() or Session::clear_all()?
  • * Is it possible to just clear the session variables related to the form's sensitive data?

Thanks very much.
VWD.

Avatar
(deleted)

Community Member, 473 Posts

28 January 2014 at 6:37pm

Forms only store the data in the session on validation failure. The data is then removed from the session as soon as the form has been displayed back to the user with their previous information. There is no need for you to be clearing the session yourself.

Avatar
vwd

Community Member, 166 Posts

28 January 2014 at 6:54pm

Thanks Simon - that's good to know. Thanks for your reply.

VWD