Title: Technical Question regarding Session Variables
Last modified: February 3, 2022

---

# Technical Question regarding Session Variables

 *  Resolved [vycwebmaster](https://wordpress.org/support/users/vycwebmaster/)
 * (@vycwebmaster)
 * [4 years, 4 months ago](https://wordpress.org/support/topic/technical-question-regarding-session-variables/)
 * Scenario:
    Want to send our members unique links to a Web-Based Form so they 
   can submit any changes.
 * We would provide them with a link that contains their current form field data(
   encrypted) within the URL parameter clause
 * Given:
    The WP Form Plugin Vendor provides a way to add PHP functions (HOOKS)
   via add_filter or add_action, the thought was to temporarily capture the URL 
   parameter values in the post_meta table (the idea being post_id is unique so 
   could be uniquely associated with the data)
 * Questions:
    1) the Vendor has NOT provided Post_ID for all of its HOOKS … this
   leads me to wonder if they don’t actually make a post entry until after the form
   is submitted … this is too late as the data needs to be decrypted and assigned
   to the Form Fields
 * 2) is there a WP session/connection id available that can uniquely identify “
   THIS” user?
 * 3) Old-World, Top-Down methodology would just assign GLOBAL VARIABLES … but …
   very concerned with what happens when 2 or more users use this Form at the same
   time … one would hope within the multiuser UNIX world that each WP session would
   generate a copy of itself and all its associated

Viewing 3 replies - 1 through 3 (of 3 total)

 *  Moderator [bcworkz](https://wordpress.org/support/users/bcworkz/)
 * (@bcworkz)
 * [4 years, 4 months ago](https://wordpress.org/support/topic/technical-question-regarding-session-variables/#post-15329851)
 * Ideally member data would be tied to a WP user ID. I suspect members are not 
   necessarily registered users? There’s no built-in WP way to distinguish non-registered
   users between requests. Global values are of little help between requests, with
   the exception of session variables. A possible alternative to session vars are
   cookies. But using cookies often means GDPR compliance. Data could also persist
   between requests with transients, but you would need some unique identifier tied
   back to the user that keys the transient values. Things are much simpler with
   registered users 🙂
 * There’s no risk of one user getting another’s form data as long as each user 
   can be uniquely identified and you use proper security measures like verifying
   form data source with a nonce. Session or cookie vars are ways to uniquely identify
   users.
 *  Thread Starter [vycwebmaster](https://wordpress.org/support/users/vycwebmaster/)
 * (@vycwebmaster)
 * [4 years, 3 months ago](https://wordpress.org/support/topic/technical-question-regarding-session-variables/#post-15397990)
 * Thanks for the feedback
 * I have set up some tests to reveal/prove to myself the actual Client – WP interactions:
 * Results:
    The Plugin provides the ability to add PHP code which hooks into the
   Form Action and Field Filter processes … these processes run before WP sends 
   the final HTML content to the Client … using a sequence counter initiated to 
   0 any time the PHP hook file opens, shows that the PHP hooks file is restarted
   when the Client Submits the form content back to WP
 * This means the PHP hooks file use of Global variables is problematic … a Global
   Variable set to capture/maintain URL parameters is lost/reset when the PHP file
   is restarted.
 * So brings me back to square one on how best to maintain a “SESSION” related set
   of vars?
 * Reviewing the HTML source, the only item that appears to stand out is that the
   FORM is provided a unique Captcha ID … suspecting this may be generated by some
   JS on the Client when the Page is loaded because I couldn’t find any reference
   to this value being generated in WP or the Plugin
 * From a high level, perhaps it isn’t necessary for WP/Plugin to maintain a link
   from the HTML page sent to the Client, to the Client’s final submission back 
   to the WP/Plugin
 * So that begs the question, if I need to tie these connections together, what 
   should I use? I did a search for cookie in WP and the Plugin and see there might
   be some cookie use … but … if the plugin is using a cookie it wasn’t showing 
   up in the windows app data folder
 * I could perhaps generate some kind of unique “SESSION ID” on the first connection
   and create a temporary SQL record but then how would subsequent connections know
   what record to relate to?
 * As a top-down dinosaur who has been coding since the mid 70’s, I guess I am having
   a hard time with this seemingly disjointed process
 * In a perfect world, I would envision WP creating a unique SESSION ID which it
   would provide to the Client embedded within the HTML source … any further interaction
   by the Client would then use this SESSION ID
 *  Thread Starter [vycwebmaster](https://wordpress.org/support/users/vycwebmaster/)
 * (@vycwebmaster)
 * [4 years, 3 months ago](https://wordpress.org/support/topic/technical-question-regarding-session-variables/#post-15398404)
 * Warning: Potential Roundabout/Outside-The-Box Solution
 * This Form Plugin provides the ability to have HIDDEN form fields (might be able
   to also do this with regular HTML fields as they can also be hidden using is 
   embedded jscript on the client-side)
 * Regardless of the number of times the PHP file is loaded, the key to success 
   here is to capture/save the required data while the HTML is being built, and 
   ultimately have that data available when the submitted Form is processed … as
   stated impossible using globals as the PHP file that initiates these Globals 
   is being called multiple times … each time the PHP file is run the Globals are
   reinitiated.
 * Solution:
 * 1) Client opens a URL (potentially with parameters)
 * 2) WP/Plugin builds HTML page during which time these hidden fields can be populated
   with required data
 * 3) Client fills out/completes the form and submits the form
 * 4) WP/Plugin is now able to retrieve the previously stored data from the hidden
   field(s)
 * Simulate global var(s) by basically using the HTML content to hold the values
   until required
 * Thanks for listening … hope this simple idea helps others
 * Note: the data in these variables doesn’t have to make sense … the more nonsensical
   the better … using short length codes would be meaningless to most

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Technical Question regarding Session Variables’ is closed to new replies.

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 3 replies
 * 2 participants
 * Last reply from: [vycwebmaster](https://wordpress.org/support/users/vycwebmaster/)
 * Last activity: [4 years, 3 months ago](https://wordpress.org/support/topic/technical-question-regarding-session-variables/#post-15398404)
 * Status: resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics