?
Solved

cookie value for shopping cart....

Posted on 2000-04-07
7
Medium Priority
?
254 Views
Last Modified: 2013-11-29
I'm in the process of finishing a mySQL backed e-commerce site, and will be implementing a shopping cart. The best way I've thought to do this would be to give every user a cookie with a unique ID number. Then everytime they place something in their cart, a record is added to the database with thier unique ID as the key.

I'm unsure of how to go about assigning this unique ID cookie, though. I know how to set and retrieve cookies, and process their info. But how would I set the cookie in the first place? Would I need an SSI call to set the cookie?

Also, how can I generate the unique ID? And how can I make sure that this cookie is secure (not SSL), so that their unique ID will not change over the course of their visit to the site?

I'm not interested much in the code needed to accomplish this, but rather the logistics involved. I appreciate any help, and will generously reward those who can help...

-Mike King
0
Comment
Question by:lunaboy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 16

Accepted Solution

by:
maneshr earned 450 total points
ID: 2694011
"I'm unsure of how to go about assigning this unique ID cookie, though. "

you might want to use scheme of some kind for your cookie.Eg. unique user identifier+date time stamp.


"I know how to set and retrieve cookies, and process their info. But how would I set the cookie in the first place? Would I need an SSI call to set the cookie?"

you can do a simple check in PERL so see if the cookie has already been set. if the cookie is not set & the user is coming/being referred to by the login page, you just set the cookie using the print statement.

Eg.

$DOMAIN=".ny.smb.com";

print "Set-Cookie: back=yes; domain=$DOMAIN; path=/; \n";

you need to print the above before you print the content type MIMe header (viz.   print "Content-type: text/html\n\n";)


"Also, how can I generate the unique ID?"

you can use the above combination of unique userid+datetimestamp+ some random number to make the cookie ID uinque.

" And how can I make sure that this cookie is secure (not SSL),
so that their unique ID will not change over the course of their visit to the site? "

you can use, in fact will have to use, encryption algorithm of some kind to encrypt the cookie data. Also you might want to use PGP key to encrypt the cookie, therefore ensuring that ONLY the user with the corresponding private key can decruypt the cookie.

the encryption would only be one step in the entire authentication process. the next check would be to verify the same against the DB etc..

Also you might want to have a certain timeout period before the cookie becomes unusable. Finally you need to decide if you want to use a persistant on non-persistant/session cookie.


More info on cookies @

http://www.cookiecentral.com/
Hope that helps
0
 
LVL 1

Author Comment

by:lunaboy
ID: 2694071
Just for the URL, you get the points.

I think I'll use TIMESTAMP+RANDOM# as the unique ID.

I'll want the cookie to be set by the front page, so would I need to use SSI to check/set it?

-Mike K.
0
 
LVL 84

Expert Comment

by:ozo
ID: 2694177
be careful about making your RANDOM# too predictable, or it may be possible for someone to forge a unique ID to impersonate another user.
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 16

Expert Comment

by:maneshr
ID: 2694181
"I'll want the cookie to be set by the front page, so would I need to use SSI to check/set it?"

no you need to check the HTTP_REFERER environment variable to find out which page is calling your cookie setting script.

0
 
LVL 1

Author Comment

by:lunaboy
ID: 2695229
I want the user to get a cookie no matter what page of the site they first visit. How can I do that?
0
 
LVL 16

Expert Comment

by:maneshr
ID: 2695360
then your code is much simpler. All that you need to do is check if the cookie has already been set. if not set it and let the user continue!!
0
 
LVL 1

Author Comment

by:lunaboy
ID: 2696424
"then your code is much simpler. All that you need to do is check if the cookie has already been set. if not set it and let the user continue!! "

Yes, but how can I make sure that the person gets the cookie when they enter the front page? The front page is flat, not dynamic. How can I check the cookie from there?
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have been pestered over the years to produce and distribute regular data extracts, and often the request have explicitly requested the data be emailed as an Excel attachement; specifically Excel, as it appears: CSV files confuse (no Red or Green h…
Original post  on Monitis Blog. Web performance monitoring is broken into two camps: passive and active. Passive monitoring is defined as looking at real-world historical performance by monitoring actual log-ins, site hits, clicks, requests for …
Viewers will get an overview of the benefits and risks of using Bitcoin to accept payments. What Bitcoin is: Legality: Risks: Benefits: Which businesses are best suited?: Other things you should know: How to get started:
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question