I keep track of a session variable, $_SESSION['school'], on my webpage that stores the school of the visitor. I would like to load this into a webform as a hidden value using the %session[school] token. When I added a hidden field with the token as the default value and looked at the HTML of the form, the hidden value is empty.

I also tried using the markup field type to use PHP directly, but any PHP code, for example echo "hello world.";, does not show anything. I had selected PHP as the input format.

Am I doing something wrong? The user is anonymous, does this affect the webform tokens?

Please help. Thanks.

Comments

arosboro’s picture

I found a solution to allow tracking of session variables for anonymous users. This is Webform 6.x-3.4.

Around line 2531 of webform.module there is a line like this:

 * @param $allow_anonymous
 *   Boolean value indicating if all tokens should be replaced for anonymous
 *   users, even if they contain sensitive user information such as %session or
 *   %ip_address. This is disabled by default to prevent user data from being
 *   preserved in the anonymous page cache and should only be used in
 *   non-cached situations, such as e-mails.
 */
function _webform_filter_values($string, $node = NULL, $submission = NULL, $email = NULL, $strict = TRUE, $allow_anonymous = FALSE) {

Change $allow_anonymous to TRUE and everything will work. You should not use caching if you do this, as sensitive information about users could be cached in your webforms.
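The caching caveat in the docblock above, as an added standalone PHP simulation (not code from this thread or from Webform). The functions `replace_tokens()` and `serve()`, the `/form` path and the visitor data are hypothetical stand-ins for the token filter and the anonymous page cache.

```php
<?php
// Standalone simulation: none of these functions are Drupal or Webform APIs.

// Hypothetical token replacer modelled on the $allow_anonymous flag quoted above.
function replace_tokens($markup, array $session, $is_anonymous, $allow_anonymous) {
  $callback = function ($m) use ($session, $is_anonymous, $allow_anonymous) {
    if ($is_anonymous && !$allow_anonymous) {
      return '';  // Sensitive token is blanked: the empty hidden field from the question.
    }
    $value = isset($session[$m[1]]) ? $session[$m[1]] : '';
    // Session data is still untrusted input once it lands in an attribute.
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
  };
  return preg_replace_callback('/%session\[(\w+)\]/', $callback, $markup);
}

// Hypothetical anonymous page cache: one stored copy per path, shared by all visitors.
function serve($path, array $session, $allow_anonymous, $cache_enabled, array &$cache) {
  if ($cache_enabled && isset($cache[$path])) {
    return $cache[$path];  // Served without looking at this visitor's session.
  }
  $template = '<input type="hidden" name="school" value="%session[school]" />';
  $html = replace_tokens($template, $session, TRUE, $allow_anonymous);
  if ($cache_enabled) {
    $cache[$path] = $html;
  }
  return $html;
}

// Constructed sample sessions for two different anonymous visitors.
$alice = array('school' => 'North High');
$bob   = array('school' => 'South "Prep"');

// 1. Default ($allow_anonymous = FALSE): token blanked, nothing sensitive is cached.
$cache = array();
echo "default:            ", serve('/form', $alice, FALSE, TRUE, $cache), "\n";

// 2. $allow_anonymous = TRUE with caching on: Alice's value is stored and handed to Bob.
$cache = array();
serve('/form', $alice, TRUE, TRUE, $cache);
echo "cached, Bob gets:   ", serve('/form', $bob, TRUE, TRUE, $cache), "\n";

// 3. $allow_anonymous = TRUE with caching off: each visitor gets their own escaped value.
$cache = array();
serve('/form', $alice, TRUE, FALSE, $cache);
echo "uncached, Bob gets: ", serve('/form', $bob, TRUE, FALSE, $cache), "\n";
```

In case 2 the second visitor's form carries the first visitor's school, which is the leak the docblock warns about.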

victor871129’s picture

This has to be the default functionality of webform module, because I don't imagine a security risk... tell me if I'm wrong?

ice5nake’s picture

Shouldn't this be handled by permissions and at least documented somewhere?

Is there a patch to allow anonymous or an override I can do for a specific form?

arosboro’s picture

I'm not familiar with the process of patching webform. Maybe you could write a feature request and a patch will be created.

MacHack’s picture

It works! Great job!

It will be better to do this in the webform admin panel...

thedavidmeister’s picture

This should be included in the UI, with a suitable disclaimer about the session variables being cached in webform.

malcomio’s picture