Forms and Sessions

[eluser]weetstraw[/eluser]
I am building an multi page form that will submit on the last step, to do this I'm using sessions. I would like to keep all the posted data at the top of the controller (what do you call this part?) for the purpose of organization. Is this technique unsafe or incorrect?

Code:

<?php

class Question extends Controller {

    function Question()
    {
        parent::Controller();    
        
        $question_data=array(
            'question_type' => $this->input->post('question_type'),
            'question_text' => $this->input->post('question_text'),
            'question_details' => $this->input->post('question_details')
            );
        
        $this->session->set_userdata($question_data);
    }
    
    function index()
    {
        $this->load->view('question_s1.php');
    }
    
    function step2()
    {

        
        echo "type:".$this->session->userdata('question_type')."<br /><br />";
        echo "text:".$this->session->userdata('question_text')."<br /><br />";
        echo "details:".$this->session->userdata('question_details');
        
    //    $this->load->view('question_s2.php');
        
    }
}

[eluser]richzilla[/eluser]
'the top of the controller' you refer to is called the constructor. Its called whenever a new object is created from that class.

Sessions would seem to be the best way to achieve this, and there is nothingly inherently incorrect about using them for this purpose. CI sessions utilise browser based cookies and are limited to 4kb, so this is a consideration if you are already storing a lot in your session variables.

In terms of security, there are many posts on this forum concerned with session security, a quick search for session security shows up many relevant results.