[rjwebgraphix]

I have a contact form that when the form is submitted, if it errors it passes back to the form with an &error=field on the URL. The error is looked at and displays an error message based on what is wrong.

I'm using a $_session to pass the info back to the form so it's still filled out the way they left it.

If they successfully submit the form, the thank you page will destroy the session data.

If they navigate away from the unfinished form and come back to it through link, the session is destroyed.

The only minor issue I see is if they navigate away from the errored form and don't come back to it, the session isn't destroyed. What can happen if the session isn't destroyed?

Is there a major concern with this?

[mab]

Each session is unique to the visitor and is keyed to the cookie that he is sent when the session is created. Depending on the value in - session.cookie_lifetime - the most the visitor could ever see is data from his own session anyway.

If the value in session.cookie_lifetime is zero (the default value) when the visitor closes his browser, the session is destroyed. When he comes back to your site, the session_start() will create a new session for him.

If the value in session.cookie_lifetime is not zero, if the visitor returns within that many seconds, the session_start() will resume his previous session.