passing parameters securely in Zend

Question

I am in service controller, login action (/service/login) and I want to pass the name,email and company to profile controller, register action(/profile/register).

Currently I am doing this way

$this->_redirect('/profile/register/?name='.$name.'&emailid='.$email.'&companyid='.$company);

But I want to pass this info to /profile/register in a way such that the user can't see these in the url.

I tried with $this->_forward like this

$params = array(
name=>$name,
emailid=>$email,
companyid=>$company
);
$this->_forward('register','profile',null,$params);

But this isn't working. Is there any other way I can do this?

Answer 1

To pass parameters securely, you should store the data in a session, or if you cannot use sessions, then in the database.

You could use Zend_Session to store the data temporarily until the next page view where you can retrieve it and it will be deleted (or you can let it persist).

$s = new Zend_Session_Namespace('registrationData');
$s->setExpirationHops(1);  // expire the namespace after 1 page view
$s->name = $name;
$s->email = $email;
$s->companyId = $company;

// ...
return $this->_redirect('/profile/register);

And then in profile/register:

$s = new Zend_Session_Namespace('registrationData');
$name = $s->name;
$email = $s->email;
$companyId = $s->companyId;
// when this request terminates, the data will be deleted if you leave
// setExpirationHops as 1.

See also Zend_Session - namespace expiration