From cb0a14e601ecb4eaad13c6e8c210c76035273d30 Mon Sep 17 00:00:00 2001
From: Sean Harvey
Date: Sat, 19 Apr 2008 00:05:02 +0000
Subject: [PATCH] Added TODO about expiration
---
 code/MultiForm.php | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/code/MultiForm.php b/code/MultiForm.php
index a13dddb..44c8570 100644
--- a/code/MultiForm.php
+++ b/code/MultiForm.php
@@ -32,6 +32,16 @@ abstract class MultiForm extends Form {
 */
 protected static $start_step;
 
+ /**
+ * Define what type of URL you want to use throughout the step process.
+ *
+ * The non-secure way is to go by ID, for example: http://mysite.com/my-form/?MultiFormSessionID=50
+ * Alternatively, we store a hash, for example: http://mysite.com/my-form/?MultiFormSessionID=de9f2c7fd25e1b3afad3e850bd17d9b100db4b3
+ *
+ * @var $url_type either "ID", or "Hash"
+ */
+ protected static $url_type = 'Hash';
+
 static $casting = array(
 'CompletedStepCount' => 'Int',
 'TotalStepCount' => 'Int',
@@ -69,6 +79,9 @@ abstract class MultiForm extends Form {
 *
 * @TODO Security. Currently you're able to just change the ID of MultiFormSessionID in the URL. We need some
 * sort of identification so you can't just change to another session by changing the ID.
+ *
+ * @TODO Expiration. We need to make sure that these sessions, making use of {@link MultiFormPurgeTask} and
+ * {@link MultiFormObjectDecorator}
 */
 public function init() {
 $startStepClass = $this->stat('start_step');
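Review bot: The docblock on `$url_type` calls the ID form "non-secure" without saying why, does not state what makes the hash form safe, and nothing visible in this patch reads the property. I would spell it out in the comment: `* "ID" exposes a sequential identifier, so a visitor can reach another session by changing the number; "Hash" only helps if the value is random and not derived from the ID.` The tag should also carry a real type, `@var string Either "ID" or "Hash"`, and since any other string is accepted silently, the code that consumes the setting (outside this hunk) should treat unknown values as 'Hash'. The enclosing class starts and ends outside the hunk.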
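Review bot: The added `@TODO Expiration` sentence has no verb ("We need to make sure that these sessions, making use of …"), so the requirement itself is left unstated; presumably it should read `@TODO Expiration. We need to make sure that these sessions expire, making use of {@link MultiFormPurgeTask} and {@link MultiFormObjectDecorator}`. Because the session identifier travels in the URL query string, where it can end up in server logs, browser history and Referer headers, the TODO would be more useful if it named the maximum lifetime to aim for. The Security TODO directly above still describes ID-only lookup; if the new `$url_type` setting is meant to address it, that TODO should say so. The docblock belongs to `init()`, whose body continues outside the hunk.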