My web application is heavily based around form input. I'd like to update the user's session with each form input that they update or change while working with a form. I'm thinking of implementing some simple javascript that listens for 'change' events on each form input. When the 'change' event fires, I'd like to make an ajax request to update the users session with that form input name and value. To do this, I would have to write a view that would allow the user to POST any thing they wanted (essentially) to their session - is this safe? It makes me think twice.