Hi, I need to extend the vB sessions and add one field into it - is it possible? How to do it?

What are you trying to achieve with this?

To store temporary data between requests
e.g. step 1: show a form with some <select>s, whose content was generated using complex operations
step 2: verify that the values from <select>s are valid. (e.g. only for things that user has access on)

Whats wrong with using a simple form? To "post" data from step 1 to step 2?

I'm pretty sure it does what you are asking unless I'm missing something...

Whats wrong with using a simple form? To "post" data from step 1 to step 2?

I'm pretty sure it does what you are asking unless I'm missing something...

Erm ... security issue? I dont want users to change it.

You said yourself you a using a form in step 1...I don't see a massive security issue with submitting it to step 2 as well.

I mean I'm no sercurity expert but it seems what your doing is a little overkill. Unless the data your sending from step one to step two is extremely sensitive.

Erm, I probably explained it wrong.
The data are not sensitive, the problem is that if I write the data into HIDDEN fields, user can change it and without SLOW (that's the point,I wanna use sessions to avoid getting the data twice, because it's slow and it cannot be optimized) verification it'd be a security problem because user can manually choose fields that they dont have access to.

You can't change data in Hidden fields they are hidden... (the user has to check the HTML first to see they exist).

Unless you intercept the header requests and all that malarky. (Which is not something your average user can/would do)

Data is sent when the user submits a form...unless the form has thousands of elements passing the data twice won't have a noticeable impact on the performance if it has any at all that is.

There are a few extension (e.g. for Firefox) that allows user to change the hidden fields, referrer and other header in friendly GUI

You can't change data in Hidden fields they are hidden...

Of course you can (even if it mens having to save the HTML, editing the contents and then submitting the form). Every user input can be changed/faked - always keep that in mind!

Adding a filed to tabel session is simple:
1) ALTER the table
2) To set it:

$vbulletin->session->db_fields['foo'] = TYPE_STR;
$vbulletin->session->set('foo', 'bar');


That's it. The value will be read automatically and is available as $vbulletin->session->vars['foo'] in the next script call.

FYI @ cermi: there is an article at https://vborg.vbsupport.ru/showthread.php?t=152344 that also might help you.

Of course you can (even if it mens having to save the HTML, editing the contents and then submitting the form). Every user input can be changed/faked - alway keep that in mind!I know that...hence why I stated "(Which is not something your average user can/would do)", like I said I'm no security expert. :p

Adding a filed to tabel session is simple:

[QUOTE=calorie;1324709]FYI @ cermi: there is an article at https://vborg.vbsupport.ru/showthread.php?t=152344 that also might help you.

Thank you, that's what I was looking for :)
Sorry for asking already answered question, but I couldnt find that article