• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 257
  • Last Modified:

cookie value for shopping cart....

I'm in the process of finishing a mySQL backed e-commerce site, and will be implementing a shopping cart. The best way I've thought to do this would be to give every user a cookie with a unique ID number. Then everytime they place something in their cart, a record is added to the database with thier unique ID as the key.

I'm unsure of how to go about assigning this unique ID cookie, though. I know how to set and retrieve cookies, and process their info. But how would I set the cookie in the first place? Would I need an SSI call to set the cookie?

Also, how can I generate the unique ID? And how can I make sure that this cookie is secure (not SSL), so that their unique ID will not change over the course of their visit to the site?

I'm not interested much in the code needed to accomplish this, but rather the logistics involved. I appreciate any help, and will generously reward those who can help...

-Mike King
0
lunaboy
Asked:
lunaboy
  • 3
  • 3
1 Solution
 
maneshrCommented:
"I'm unsure of how to go about assigning this unique ID cookie, though. "

you might want to use scheme of some kind for your cookie.Eg. unique user identifier+date time stamp.


"I know how to set and retrieve cookies, and process their info. But how would I set the cookie in the first place? Would I need an SSI call to set the cookie?"

you can do a simple check in PERL so see if the cookie has already been set. if the cookie is not set & the user is coming/being referred to by the login page, you just set the cookie using the print statement.

Eg.

$DOMAIN=".ny.smb.com";

print "Set-Cookie: back=yes; domain=$DOMAIN; path=/; \n";

you need to print the above before you print the content type MIMe header (viz.   print "Content-type: text/html\n\n";)


"Also, how can I generate the unique ID?"

you can use the above combination of unique userid+datetimestamp+ some random number to make the cookie ID uinque.

" And how can I make sure that this cookie is secure (not SSL),
so that their unique ID will not change over the course of their visit to the site? "

you can use, in fact will have to use, encryption algorithm of some kind to encrypt the cookie data. Also you might want to use PGP key to encrypt the cookie, therefore ensuring that ONLY the user with the corresponding private key can decruypt the cookie.

the encryption would only be one step in the entire authentication process. the next check would be to verify the same against the DB etc..

Also you might want to have a certain timeout period before the cookie becomes unusable. Finally you need to decide if you want to use a persistant on non-persistant/session cookie.


More info on cookies @

http://www.cookiecentral.com/
Hope that helps
0
 
lunaboyAuthor Commented:
Just for the URL, you get the points.

I think I'll use TIMESTAMP+RANDOM# as the unique ID.

I'll want the cookie to be set by the front page, so would I need to use SSI to check/set it?

-Mike K.
0
 
ozoCommented:
be careful about making your RANDOM# too predictable, or it may be possible for someone to forge a unique ID to impersonate another user.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
maneshrCommented:
"I'll want the cookie to be set by the front page, so would I need to use SSI to check/set it?"

no you need to check the HTTP_REFERER environment variable to find out which page is calling your cookie setting script.

0
 
lunaboyAuthor Commented:
I want the user to get a cookie no matter what page of the site they first visit. How can I do that?
0
 
maneshrCommented:
then your code is much simpler. All that you need to do is check if the cookie has already been set. if not set it and let the user continue!!
0
 
lunaboyAuthor Commented:
"then your code is much simpler. All that you need to do is check if the cookie has already been set. if not set it and let the user continue!! "

Yes, but how can I make sure that the person gets the cookie when they enter the front page? The front page is flat, not dynamic. How can I check the cookie from there?
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now