Cart/Session Data vs Form data

So I was making a form that was originally one page, to submit an order.

It got more complex when I learned I should probably get the tax/subtotal/verification from our order processor before submitting the final order.

So now I had a 2-part form.

Part 1: Enter line items.

Process part 1: Calculate subtotal/tax and list info for verification.

Part 2: Verify info and submit for final order processing.

Still, just 2 steps, not a very big deal, right? I didn’t want to worry about the session, a cart, etc. I ended up passing the info from step 1 (lineItems) and cloning it on step two into hidden form values, so these lineItems would be available when step 2 was processed.

The kicker for me to switch to use a cart was that in order for me to calculate the price from the lineItems, I needed the price and the totals to not be form data that could be manipulated by the user. Instead of adding hidden price fields on the form, and worrying about that specific security issue of modifying form data pricing, I just decided to keep track of the pricing in the session, on the cart, which also reduced my amount of form value overhead, but made things a little more complex.
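
The difference between the two designs, as an added example that is not the author's code: a constructed step-2 POST with edited hidden price fields is totalled once from the form and once from the session cart. The `CATALOG` prices, the dict-based `session` and `form`, and all function names are assumptions for illustration.

```python
from decimal import Decimal

# Constructed price list; in the post the authoritative figures come from the order processor.
CATALOG = {"WIDGET": Decimal("19.99"), "GADGET": Decimal("5.00")}

def step1_build_cart(session, form):
    """Step 1: accept only SKU and quantity from the form; price comes from the server."""
    cart = []
    for sku, qty_raw in form["items"]:
        qty = int(qty_raw)
        if sku not in CATALOG or qty <= 0:
            raise ValueError(f"rejected line item: {sku!r} x {qty_raw!r}")
        cart.append({"sku": sku, "qty": qty, "price": CATALOG[sku]})
    session["cart"] = cart
    return cart

def total_from_hidden_fields(form):
    """Original design: step 2 re-reads line items, including price, from hidden inputs."""
    return sum(Decimal(p) * int(q) for _, q, p in form["hidden_items"])

def total_from_session(session):
    """Cart design: step 2 ignores any posted price and uses the server-side cart."""
    return sum(item["price"] * item["qty"] for item in session["cart"])

def demo():
    session = {}
    step1_build_cart(session, {"items": [("WIDGET", "2"), ("GADGET", "1")]})
    # Constructed step-2 POST in which the hidden price fields were edited in the browser.
    tampered = {"hidden_items": [("WIDGET", "2", "0.01"), ("GADGET", "1", "0.01")]}
    return total_from_hidden_fields(tampered), total_from_session(session)

if __name__ == "__main__":
    trusted_form, trusted_session = demo()
    print("total if hidden fields are trusted:", trusted_form)
    print("total from session cart:", trusted_session)
```

Quantities still arrive from the form in both designs, which is why step 1 validates them before anything is stored on the cart.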
