unique ID cookie for shopping cart

I'm in the process of finishing a mySQL backed e-commerce site, and will be implementing a shopping cart. The best way I've thought to do this would be to give every user a cookie with a unique ID number. Then everytime they place something in their cart, a record is added to the database with thier unique ID as the key.

I'm unsure of how to go about assigning this unique ID cookie, though. I know how to set and retrieve cookies, and process their info. But how would I set the cookie in the first place? Would I need an SSI call to set the cookie?

Also, how can I generate the unique ID? And how can I make sure that this cookie is secure (not SSL), so that their unique ID will not change over the course of their visit to the site?

I'm not interested much in the code needed to accomplish this, but rather the logistics involved. I appreciate any help, and will generously reward those who can help...

-Mike King
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

mafwebConnect With a Mentor Commented:
I don't know whether you can configure apache like that, but if you have a logo displayed on that page, you could write a little perl script like this (let's hope your visitors have images on):

print ""; #cookie-code here, look at netscape's site for details
print "location:yourlogo.gif";

and insert it with
<img src=cookie.pl alt=logo>

this will set the cookie and display your logo. As said, can only be used, if your visitors have their images setting to "show"

hi Mike,

would be interesting to know which language you're using. PHP, for example, gives you the possibility to create an unique id with
uniqid()  (have a look at http://www.php3.de/manual/function.uniqid.php3).

Besides, what you can do to create such a token is to take the current time in milliseconds and concatenate it with some random value. This should be good enough (I know, there is slight a very slight chance that this is not unique *sigh*, but I don't know any other solution)

hope this helps,
by the way, you don't necessarily need SSI to set the cookie, all you need is the possiblity to send the cookie string before the end of the HTTP-header, especially before any HTML content

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

lunaboyAuthor Commented:
Thanks for the tip...

How would I set the cookie string before the end of the HTTP-header if the document is the index.shtml of the domain?

ex/ http://www.domain.com/index.shtml

the milliseconds and random is not a good approach - those 'tiny windows' always come back and haunt you.  And the worst thing about that one is that it only starts to hurt when you system starts to get lots of hits and is sucessful.

The general method of making a guaranteed unique number is language non-specific.  Open a file in which you keep a count, lock it, increment the count, unlock the file and use the count as the next sequence number.
that depends on the language. in php3, you just say

setcookie ("cookie_name", "cookie_val", time()+$expire);

in the first line of your page.
For Perl, this is similar, only that it does not provide an own setcookie function

lunaboyAuthor Commented:
okay, I have set the cookie as

That should work fine. This isn't a high traffic site, and we won't be getting so many users from the same IP at the same time ;-)

But, I'm using Perl and mySQL as a database (which is irrelavent to this quesiton), the front page is an .shtml doc, parsed by SSI of course. The problem I am having is that I want EVERY visitor to the site to get the cookie on the first page they visit, no matter where they enter. If there a way to make sure apache sends the set-cookie statement in every header? How can I do this?

Or how else could I ensure that every person gets a cookie?

-Mike K.
Apache does allow you to send the header first from your cgi.  I can not believe that there would be any server that would not allow this.  The header needs to go and as part of this is the content type, cachece control, cookies, etc.
All Courses

From novice to tech pro — start learning today.