Solved

Should I use cookies or IPs or something else to ID user ?

Posted on 2000-03-18
Last Modified: 2013-12-25
Hi,

I've written my own shopping cart system which has been integrated into our existing retail system.

Is it wise for me to rely entirely on Cookies for session ID's ?

I know some people turn off cookies, I also know that IPs are even less reliable due to mass proxy usage by AOL style customers.

Any advice on this subject would be appreciated also any statistics on the number of people who can't / won't accept cookies would be useful in helping me make my decision.

I've heard of software which uses the IP when cookies are not accepted but wouldn't this just cause more problems if a proxy was used ?

Thanks

Kevin
Question by:kgorrell
7 Comments
 
LVL 1

Expert Comment

by:chaduka
ID: 2631315
IMHO, cookies are better than IPs. There is a very high security risk when one uses IPs as compared to using cookies.

You will have to tell people who turn off cookies "tough luck"!!!

There are solutions to your problem though. Application servers like Cold Fusion allow you the developer to store session variables and other info in the registry or database. This eliminates the problem of people who turn off cookies and (AOL) proxies.
0
 

Author Comment

by:kgorrell
ID: 2631338
It's not acceptable to tell them tough luck - maybe I'll just tell them to accept the cookie - this could be enough !

I'm assigning a cart ID to each user and using this as the cookie (or session ID) - the actual cart is stored in a database on the server.

From what I understand cold fusion, etc can't store anything more on the client PC otherwise I could recreate this method myself - I'm using a cookie as a session ID variable. If this is correct about Cold Fusion can anyone explain how it's achieved at the raw HTTP level - I don't see it being possible though without using some sort of cookie like feature which is present in all the main browsers.

Kevin
0
 
LVL 1

Expert Comment

by:chaduka
ID: 2631349
Hmmm, "tough luck" was my wording. Of course you will have to tell them to accept the cookies.

Cold Fusion won't store anything on the client PC (except cookies of coz, something we want to avoid), but on the server machine itself. The client URL will contain a session ID which CF will use (among other variables you set) to identify the user/session/browser. You might want to ask in the Cold Fusion area on more about session management, or ask on http://forums.allaire.com.
0
 

Author Comment

by:kgorrell
ID: 2631355
Thanks for the info - I understand what you mean about the cold fusion stuff and it won't work in this case.

My software allows affiliates to advertise and sell my goods on their websites by creating their own website and using 'Buy Me' style buttons which will create a new shopping cart the first time a user picks a product.

Once the user has confirmed they want to add the  item to the cart they are returned to the affiliates site which is under a different domain and server and not under my control.

I don't think that I would be able to pass back the information needed to a 3rd party site so it could be accessed when and if they click on the second item for the shopping cart.

Looks like it's probably cookies for me then !
0
 
LVL 3

Expert Comment

by:monas
ID: 2631663

0
 
LVL 84

Expert Comment

by:ozo
ID: 2632027
You could also use <input type=hidden> or
WWW-Authenticate: Basic
0
 
LVL 2

Accepted Solution

by:
a198298 earned 75 total points
ID: 2719385
I have created a Shopping Cart myself and used IP's at first.

I had a problem with this when connecting with X-Stream because the IP was mysteriously changing. Since then I have used cookies.

Read the cookie
If no cookie send out unique identifier.
If the cookie is there reuse the unique identifier.

This way the user can return even if they have a dynamic IP.
0
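The read / issue / reuse steps from the accepted answer, as an added example that is not part of the original post. It is written in Python; the cookie name `cart_id`, the function `resolve_cart` and the in-memory `carts` dict standing in for the server-side cart database are assumptions. It goes one step beyond the answer by reusing an identifier only when the server actually issued it, so a guessed or planted value never selects a cart.

```python
import re
import secrets
from http.cookies import CookieError, SimpleCookie

COOKIE_NAME = "cart_id"                       # hypothetical cookie name
ID_FORMAT = re.compile(r"[A-Za-z0-9_-]{43}")  # shape of secrets.token_urlsafe(32)
MAX_AGE = 30 * 24 * 3600                      # assumed cart lifetime: 30 days


def resolve_cart(cookie_header, carts):
    """Return (cart_id, set_cookie_value_or_None) for one request.

    cookie_header is the raw Cookie request header (or None).
    carts is the server-side store; the cart contents never leave the server.
    """
    jar = SimpleCookie()
    try:
        jar.load(cookie_header or "")
    except CookieError:
        jar = SimpleCookie()          # malformed header: treat as no cookie
    morsel = jar.get(COOKIE_NAME)
    candidate = morsel.value if morsel else None

    # Reuse the identifier only if it is well formed AND the server issued it.
    if candidate and ID_FORMAT.fullmatch(candidate) and candidate in carts:
        return candidate, None

    # No cookie, or an unknown/forged one: send out a fresh random identifier.
    cart_id = secrets.token_urlsafe(32)       # 256 bits from the OS CSPRNG
    carts[cart_id] = []
    out = SimpleCookie()
    out[COOKIE_NAME] = cart_id
    out[COOKIE_NAME]["path"] = "/"
    out[COOKIE_NAME]["max-age"] = MAX_AGE
    out[COOKIE_NAME]["httponly"] = True       # not readable from page script
    out[COOKIE_NAME]["secure"] = True         # only sent over HTTPS
    out[COOKIE_NAME]["samesite"] = "Lax"      # still sent on top-level link clicks
    return cart_id, out[COOKIE_NAME].OutputString()


if __name__ == "__main__":
    carts = {}                                # constructed sample store
    first_id, set_cookie = resolve_cart(None, carts)
    print("first visit  -> Set-Cookie:", set_cookie)
    again_id, set_cookie = resolve_cart(f"other=1; {COOKIE_NAME}={first_id}", carts)
    print("return visit -> same cart:", again_id == first_id, "| Set-Cookie:", set_cookie)
```
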
