0

I have a research study being run. Participants are asked to;

  1. Fill out a consent form (contains personal information as per GDPR)
  2. Complete a questionnaire.

My hopes was that the questionnaire responses could be anonymous, I would store the forms and questionnaires responses in separate databases with no reasonable way to match them up. The issue however is I must ensure no one can complete the second step, without competing the first.

My plan was to use PHP sessions, until I remembered that they could be used to match up the two databases. Or perhaps the second step is located on a secret URL to hope people don't find it? (Not really suitable...).

Given the problem, anyone have an idea on how I could go about ensuring the steps are done in order?

curiousguy
  • 5,028
  • 3
  • 25
  • 27
Fionn Delahunty
  • 1

1 Answers1

1

You could do something like that (other solutions could be possible):

Step 1: The user fills the consent form.

Step 2: The server validates the consent form then generates a unique link to the questionnaire, not tied to the consent form. This link that can only be used to validate one questionnaire. The server flags (in its database) the session cookie as "consent form validated", but again, without linking to the consent form.

Step 3: The user fills the questionnaire.

Step 4: The server validates the questionnaire and the cookie, then invalidates the unique link and clears the session cookie.

A. Hersean
  • 10,046
  • 3
  • 28
  • 42