I have an administration form which consists of multiple steps, with the possibility to go back and forth. I decided to use sessions because if someone goes back and forth I don't have to worry about sending all the variables, because they are saved in the session.
In the first step, I delete the session if any is available. I do this, because if someone has signed up before and wants to sign up again for somebody else, then all the previous input would be present in the input boxes. So this is the starting page step1.php:
<?php isset($_SESSION))session_destroy(); ?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head> ... </head>
<body>
<form action='step2.php' enctype="multipart/form-data" method='post'>
...
</form>
</body>
</html>
Then, I save all input in the $_SESSION array in step2.php:
<?php
$_SESSION['var1']=$_POST['var1']
$_SESSION['var2']=$_POST['var2']
...
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head> ... </head>
<body>
<form action='step3.php' enctype="multipart/form-data" method='post'>
...
</form>
</body>
</html>
The problem is, if someone registers and is on page step2.php and accidentally opens step1.php in a new tab, then all saved variables from step1.php ($_SESSION['var1'],$_SESSION['var2'],..) are lost.
Is there any possibility to prevent that from happening?
Always POST to the same URL and execute different branches of code, depending on the fields you've received.