http://qs321.pair.com?node_id=939556

grantm has asked for the wisdom of the Perl Monks concerning the following question:

I have a web application which uses multi-screen forms - users progress from one screen to the next and when all the necessary data has been collected and validated, some business process is initiated. My current implementation uses fairly standard session state management with a session identifier in a cookie (or URL parameter) used to retrieve a serialised hash from the application database.

Although the application works perfectly well when used as intended, our users encounter problems if they try to complete two separate processes in parallel in different browser windows/tabs. The back button also can screw things up since users complete one sequence with one dataset, start on another with a second dataset then attempt to go back to amend the first (which is now gone from state altogether).

One alternative implementation would be to store the state client-side in a hidden form field rather than server-side in the database. Ideally the implementation would use encryption and a message digest to protect the serialised data against tampering.

I have found the CGI::EncryptForm module. But before I dive in and try it out I wondered if anyone had other modules to recommend or related advice to offer.
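The approach described in the question (serialised state carried in a hidden form field and protected against tampering), as an added example that is not part of the original post and is not CGI::EncryptForm's code. It uses only core Perl modules and a keyed HMAC for integrity, so the field's contents remain readable to the user because encryption is left out; `$SECRET`, `seal_state`, `open_state`, `secure_eq` and the sample values are assumptions made for the illustration.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256);
use JSON::PP ();
use MIME::Base64 qw(encode_base64url decode_base64url);

# Assumption: a server-side secret loaded from configuration, never sent to the client.
my $SECRET = 'constructed-demo-key-replace-me';
my $JSON   = JSON::PP->new->canonical->utf8;

# Serialise the form state, bind it to a session id and an expiry, then sign it.
sub seal_state {
    my ($state, $session_id, $ttl) = @_;
    my $payload = encode_base64url(
        $JSON->encode({ s => $state, sid => $session_id, exp => time() + $ttl }));
    my $mac = encode_base64url(hmac_sha256($payload, $SECRET));
    return "$payload.$mac";
}

# Return the state hash, or nothing if the field was altered, has expired,
# or was issued to a different session.
sub open_state {
    my ($field, $session_id) = @_;
    my ($payload, $mac) = split /\./, $field // '', 2;
    return unless defined $payload && defined $mac;
    my $expected = encode_base64url(hmac_sha256($payload, $SECRET));
    return unless secure_eq($mac, $expected);
    my $env = eval { $JSON->decode(decode_base64url($payload)) } or return;
    return unless $env->{sid} eq $session_id && $env->{exp} >= time();
    return $env->{s};
}

# Constant-time comparison, so the check does not reveal how many leading
# characters of a guessed MAC were correct.
sub secure_eq {
    my ($x, $y) = @_;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Constructed sample: state after screen 1 of a multi-screen form.
my $field = seal_state({ step => 1, name => 'Alice' }, 'sess-123', 900);
print "hidden field: $field\n";
print "valid:    ", (open_state($field, 'sess-123') ? "accepted" : "rejected"), "\n";
(my $forged = $field) =~ s/^./X/;    # flip one character of the payload
print "tampered: ", (open_state($forged, 'sess-123') ? "accepted" : "rejected"), "\n";
```

Because every rendered form carries its own sealed copy, two tabs or a Back-button revisit each submit the state they were rendered with; a plain (unkeyed) digest would not give this protection, since the client could recompute it after editing the data.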