> 2. You can use CGI on the server, and assign a session ID when someone > begins filling out the form. Then, track all form data on the server using > the session ID. > > While option #2 is probably more work, it is also more robust and easier to > control from the server, thus eliminating problems such as corrupted > cookies, disabled cookies, disabled JavaScript, etc. > This is a little excessive too. I'd still go with Yaron and simply pass data from form to form using <INPUT TYPE="HIDDEN"> sorts of stuff. Often SessionIDs are tracked using cookies anyway so this doesn't really help unless your language maintains the ID as a URL variable. Plus you run into all sorts of crap if you're using DNS round robin or other sorts of load balancing, unless you're going to dump the session data to a shared database. Then the whole thing really starts to spiral out of control :) -- Jesse Erdmann Engineer Secure Computing Corp. Tel. (651) 628-1535