ALWAYS Put the Record ID in the Edit Form
Summary: Users might have multiple pages of your app open in different tabs or windows. Use a page-specific ID, not something shared like a cookie or session data.
I started out this morning happy with my web host. They’d sent me an alert about disk usage that allowed me to catch an error that would have filled up all the available space on my VPS and taken down this site and several others, and I was able to fix it before that happened. That changed as I discovered what had actually set it up, as revealed by another, more pressing issue.
A few months ago, my VPS did lock up, because I’d set up backups on a new site and forgot to add a cleanup script. Tech support brought the server back online, I cleared out the backups, and I copied the script over from this site.
But this site’s cleanup script stopped running, and it reached 90% usage. The script was there, but the cron job was somehow pointing to the other script. I figured I must have messed it up at the time, made sure it was correct now, and moved on.
Later this afternoon, though, I discovered that a test blog I set up last week was pointing to the wrong site. That seemed really weird. I looked in the control panel and it was very neatly pointing to the other site’s folder. How does that happen?
Then I remembered: A few days ago, I’d reconfigured several sites to upgrade them to PHP 7.2. I’d opened them in multiple tabs to I could get them all at once. And I had this sinking feeling.
Sure enough: DreamHost’s control panel doesn’t put the form state in the page. As far as I can tell, the ID of the record you’re editing is stored in the session somewhere, which is fine if you only ever have one page open at a time, but if you open two pages, it gets confused.
That’s what probably happened a few days ago: I opened two forms, saved them both, and the settings for one site got written to the other. And it’s probably what happened a few months back with the cron jobs: I opened one to edit, the other for reference, and it overwrote the wrong one.
As near as I can tell it’s just the one site that got messed up, which is a relief. Even better that it’s the test site and not, say, this one. But I’m still waiting for the fixed config change to take effect.
Always, always put the record ID for an edit form in the form. People will open multiple records in different tabs or windows, to compare them or just to speed up their workflow.
If you store it in session, or in a cookie, or anywhere else, you run a good chance of saving the data into the wrong record.