Forum Moderators: buckworks
Rather than using JavaScript, I was thinking of storing the customer form data (name, address, phone #) in a database, so the data is retrieved automatically (if it exists) based on the user session ID.
The customer could even bookmark their pages, and return and have the form data still prefilled.
One thing I don't want to add is a registration process; it just gets in the way of usability.
Now the privacy issue: technically somebody could start randomly typing URIs with session IDs and eventually get somebody else's mailing address.
My session IDs are very long, and the chance of this is about 1 in a million. I figure this is an acceptable risk, as the private information (name, address, phone number) is not considered high-risk data.
Any comments?
If you don't want people to be able to type in session IDs in the URL, then don't pass the ID in the URL.
If you're using ASP you can always get the sessionID with
response.write session.sessionID
and it won't show in the URL.
But you should definitely not store the information in the database forever but only for a couple of hours.
If I came to your site and the data was still filled in after one or two hours I would find that convenient. However, if I came back two days later and still found the forms filled out I would get mad and probably write you some nasty email.
And you should keep in mind that many people use computers in internet cafes, universities and other public places. The information could then be retrieved by checking the browser history.
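An added example, not part of the original thread and not any poster's code: a Python sketch of the two suggestions in the reply above, keeping the identifier in a cookie instead of the URL and deleting the stored form data after a couple of hours. The class and function names, the cookie name, the 2-hour lifetime and the 256-bit token size are all assumptions made for illustration.

```python
import secrets
import time

TTL_SECONDS = 2 * 60 * 60   # "a couple of hours" from the reply; exact value is an assumption
TOKEN_BYTES = 32            # 256 bits from the OS CSPRNG (assumed size)


class PrefillStore:
    """In-memory stand-in for the database table of saved form data."""

    def __init__(self, ttl=TTL_SECONDS, clock=time.time):
        self._rows = {}          # token -> (expires_at, form_data)
        self._ttl = ttl
        self._clock = clock      # injectable so expiry can be tested

    def save(self, form_data, token=None):
        """Store form data under a live token, or mint one; never adopt a client-chosen ID."""
        if token is None or self.load(token) is None:
            token = secrets.token_urlsafe(TOKEN_BYTES)
        self._rows[token] = (self._clock() + self._ttl, dict(form_data))
        return token

    def load(self, token):
        """Return saved form data, or None if the token is unknown or expired."""
        row = self._rows.get(token)
        if row is None:
            return None
        expires_at, form_data = row
        if self._clock() >= expires_at:
            del self._rows[token]    # expired data is deleted, not just hidden
            return None
        return dict(form_data)


def cookie_header(token, ttl=TTL_SECONDS):
    """Set-Cookie value that keeps the token out of URLs, history and bookmarks."""
    return (f"prefill={token}; Max-Age={ttl}; Path=/; "
            "Secure; HttpOnly; SameSite=Lax")


def guess_odds(live_sessions, token_bits=TOKEN_BYTES * 8):
    """Chance that one random guess matches any live token."""
    return live_sessions / 2 ** token_bits
```

The odds of a blind guess depend on the number of live sessions as well as the token length, which is why guess_odds takes both; a cookie still remains on a shared machine until it expires or is cleared, so the short lifetime matters there too.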
As far as Internet cafes, universities, and such, people are warned to clear the cache and such, so if they don't clear the cache or clear the form (with the handy clear form button), it's their own fault.
Besides, we are talking about quasi-private information to begin with, so unless the person is in the Witness Protection Program or an abused spouse I don't see why they would be worried about publicly available information anyway.