Solved

cookie value for shopping cart....

Posted on 2000-04-07
7
245 Views
Last Modified: 2013-11-29
I'm in the process of finishing a mySQL backed e-commerce site, and will be implementing a shopping cart. The best way I've thought to do this would be to give every user a cookie with a unique ID number. Then everytime they place something in their cart, a record is added to the database with thier unique ID as the key.

I'm unsure of how to go about assigning this unique ID cookie, though. I know how to set and retrieve cookies, and process their info. But how would I set the cookie in the first place? Would I need an SSI call to set the cookie?

Also, how can I generate the unique ID? And how can I make sure that this cookie is secure (not SSL), so that their unique ID will not change over the course of their visit to the site?

I'm not interested much in the code needed to accomplish this, but rather the logistics involved. I appreciate any help, and will generously reward those who can help...

-Mike King
0
Comment
Question by:lunaboy
  • 3
  • 3
7 Comments
 
LVL 16

Accepted Solution

by:
maneshr earned 150 total points
Comment Utility
"I'm unsure of how to go about assigning this unique ID cookie, though. "

you might want to use scheme of some kind for your cookie.Eg. unique user identifier+date time stamp.


"I know how to set and retrieve cookies, and process their info. But how would I set the cookie in the first place? Would I need an SSI call to set the cookie?"

you can do a simple check in PERL so see if the cookie has already been set. if the cookie is not set & the user is coming/being referred to by the login page, you just set the cookie using the print statement.

Eg.

$DOMAIN=".ny.smb.com";

print "Set-Cookie: back=yes; domain=$DOMAIN; path=/; \n";

you need to print the above before you print the content type MIMe header (viz.   print "Content-type: text/html\n\n";)


"Also, how can I generate the unique ID?"

you can use the above combination of unique userid+datetimestamp+ some random number to make the cookie ID uinque.

" And how can I make sure that this cookie is secure (not SSL),
so that their unique ID will not change over the course of their visit to the site? "

you can use, in fact will have to use, encryption algorithm of some kind to encrypt the cookie data. Also you might want to use PGP key to encrypt the cookie, therefore ensuring that ONLY the user with the corresponding private key can decruypt the cookie.

the encryption would only be one step in the entire authentication process. the next check would be to verify the same against the DB etc..

Also you might want to have a certain timeout period before the cookie becomes unusable. Finally you need to decide if you want to use a persistant on non-persistant/session cookie.


More info on cookies @

http://www.cookiecentral.com/
Hope that helps
0
 
LVL 1

Author Comment

by:lunaboy
Comment Utility
Just for the URL, you get the points.

I think I'll use TIMESTAMP+RANDOM# as the unique ID.

I'll want the cookie to be set by the front page, so would I need to use SSI to check/set it?

-Mike K.
0
 
LVL 84

Expert Comment

by:ozo
Comment Utility
be careful about making your RANDOM# too predictable, or it may be possible for someone to forge a unique ID to impersonate another user.
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 16

Expert Comment

by:maneshr
Comment Utility
"I'll want the cookie to be set by the front page, so would I need to use SSI to check/set it?"

no you need to check the HTTP_REFERER environment variable to find out which page is calling your cookie setting script.

0
 
LVL 1

Author Comment

by:lunaboy
Comment Utility
I want the user to get a cookie no matter what page of the site they first visit. How can I do that?
0
 
LVL 16

Expert Comment

by:maneshr
Comment Utility
then your code is much simpler. All that you need to do is check if the cookie has already been set. if not set it and let the user continue!!
0
 
LVL 1

Author Comment

by:lunaboy
Comment Utility
"then your code is much simpler. All that you need to do is check if the cookie has already been set. if not set it and let the user continue!! "

Yes, but how can I make sure that the person gets the cookie when they enter the front page? The front page is flat, not dynamic. How can I check the cookie from there?
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Many time we need to work with multiple files all together. If its windows system then we can use some GUI based editor to accomplish our task. But what if you are on putty or have only CLI(Command Line Interface) as an option to  edit your files. I…
Read about how to choose the best possible content marketing agency to suit your needs. Content marketing has become an integral part of running a successful tech business, so it is wise to be informed.
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now