Hi!
Salt How is the salt ment to be used?
The salt is used in generating session namespace name for the element. So the name used is composed of (class name, salt, element name). That means if you have two hash elements on the same page with the same name (e.g. in different forms), they should have different salts otherwise they'll end up using same session storage. It may be useful to have different salts for elements with the same name even when they are not on the same page, but this is less important since hash stored in session is transient - i.e. it will be removed as soon as used up. Still, if there's a possibility of two hashes existing at the same time with same names, it may make sense for them to have different salts.
What is the best practice when using the salt so that: - The salt of 2 forms on different pages do not collide
If it's different page it shouldn't matter too much even if they collide, since the hash is transient - once form is submitted, the hash expires, so different page would not infringe on it, unless you have situation like pages loaded in frames, etc. Then maybe using module+controller or URI as salt would be fine, if you don't want to worry too much about inventing unique names. Don't choose it too long since it's used as key in session, so it's stored there too :)
- The same form can be rendered 2 times (and usable on more that one browser window at a time)?
Well, here it might be a problem, since right now hash element is built so that it stores only one token. You can give different salts, but you'd have to know which window has which salt. It can be done, e.g. by having another element storing the right salt, even though it doesn't seem the nicest way to build it...
-- Stanislav Malyshev, Zend Software Architect [EMAIL PROTECTED] http://www.zend.com/ (408)253-8829 MSN: [EMAIL PROTECTED]
