I had the need to make a page accessible only after a user fill in a form.
Following Bob Rays’s instructions (god bless him) on this thread of the old forum I’ve created a series of snippets that do exactly what i want.
SessionHook
This fires as a formit hook just before the redirect to a “secure” page which is set in a TV [[*landing-page]]
$_SESSION['register_code'] = 'somerandomcode';
return true;
SessionConfirm
This also fires in the same page with the form and checks if the session cookie is already registered and eventually redirects to the secure page. This is to avoid to have to fill in the form every time.
$code = $modx->getOption('register_code', $_SESSION, '', true);
if ($code == 'somerandomcode') {
// retrieve TV value for authorized page
$tv = $modx->resource->getTVValue('landing-page');
// redirect to page
$modx->sendRedirect($modx->makeUrl($tv, '', '', 'full'));
}
SessionCheck
This fires on the secure page, checks for the cookie and if it’s not found redirects back to the form page
$code = $modx->getOption('register_code', $_SESSION, '', true);
if ($code !== 'somerandomcode') {
// retrieve TV value for unauthorized page
$tv = $modx->resource->getTVValue('form-page');
// redirect to form page
$modx->sendRedirect($modx->makeUrl($tv, '', '', 'full'));
}
The solution works as expected but it looks like the SESSION cookie has a duration of 1 week.
I’ve tried looking online but my understanding of PHP is quite limited.
Is there a way i can limit the duration of the cookie for this specific function to something like 30min or 1hour? Or register a different SESSION cookie than the default PHPSESSID one?
This is not a urgent issue but i’m always eager to learn new things 