?
Solved

ASP Shopping Cart Cookies

Posted on 2006-05-26
10
Medium Priority
?
333 Views
Last Modified: 2013-11-29
Hi friends,

I'm progressing steadily with my first e-commerce type website. I'm at the shopping cart phase now so some questions about this. My ASP Cookie knowledge is very rusty :-(

I'm going to use either the ASP Session object or Request.Cookies object for my cart. Whichever works the best in your opinion. What's the best way to store the products selected by the user? I don't want to use a database to store the shopping cart items! The info I need to store is for example:

piID - the unique identifier that identifies each product in the product database.
Quantitiy - the quantity of this product the user has selected

1) I would like the code to store each product added to the basket by the user. The script name is going to be 'basket_add.asp'. It will need to store in Cookies each product selected by the user, one call at a time as each product is added.

2) I would like the code to loop through the Cookies and get each product and quantity the user has in their basket. This script is going to be 'view_basket.asp'.

3) I would like to know how to determine if the shopping basket is empty.

Plenty of points available.

Thanks in advance,

Lee.
0
Comment
Question by:LeeGolding
  • 6
  • 3
10 Comments
 
LVL 4

Accepted Solution

by:
Brimba earned 1000 total points
ID: 16767782
Here is a good example:

http://www.asp101.com/samples/shopping.asp

It stores a dictionary in the session.
You dont want to store the cart as a cookie since its easy to edit by a malicious user.
And its more common that a web user (browser) accepts session cookies than cookie, that is another reason.

You have the source code and example files and everything there.
0
 

Author Comment

by:LeeGolding
ID: 16767917
Some good points there.

I don't think that posting links deserves this amount of points. I would rather give more points to someone who can provide specifically code for the questions I ask please. Sorry, that's how I feel on this one.

If I am wrong, please contact a moderator and see what their opinon is.

Can anyone do some ASP for me to answer my 1,2,3 questions above.

Thanks,

Lee.
0
 

Author Comment

by:LeeGolding
ID: 16768920
Is there even a way to do this without using a Dictionary object? If not, could someone let me know, and I'll close the question ASAP.

Lee.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 7

Assisted Solution

by:SimonBlake
SimonBlake earned 1000 total points
ID: 16769542

You could store an 2 dimensional array instead, or just a long string separated with odd chars... I've used prod1=2#|#prod2=1#|#prod3=2... then use the split/join functions.

I agree with Brimba tho, it's best not to use a cookie, otherwise you will have to also validate the thing every time it come back.

Simon
0
 

Author Comment

by:LeeGolding
ID: 16769605
Hi Simon,

So don't use Cookies, use the Session object instead? Forgive me but I thought that the Session object used cookies anyway? In which case, how would security be better using the Session object?

Thanks,

Lee.
0
 
LVL 7

Expert Comment

by:SimonBlake
ID: 16769743
Ok, I'll try to explain.

In web browsers there are 2 types of cookie storage, one is in memory and the other is a persistent cookie. Persistent cookies are the ones you can find on yor HD if you know where to look, however in memory or session cookies gone as soon as the browser closes...

When you access an IIS server it attempts to create a session immediatly (if the browser permits it to - there are noramally individual settings for session and persistent cookies in the security settings as one is more harmless than the other!)

In the session cookie, it just contains a unique id (long string of numbers and digits) that allow the server to map a web surfer to a memory space (and also used for click path tracking).

When you do something like Session("myBasket") = "Hello" the server allocates a space for this string and assigns it to the memory block pointed to by long ID in the session cookie.

This is safer as even though the cookie could be modified by a user, they would have to guess another ID to access the other memory block... These things are about 32 chars in length are pretty random... and they only last on average 20 mins past the last point they were used (the memory block saved will also be removed at this point).
The thing to watch out for tho is cross site scripting, as with that it is possible to grab someone's active cookie, modify yours to match and then pretend to be them on the next request... For that you will have to make sure there are no direct displays of what the user entered.

ps. If you want some code for the string method - I will dig it out and send it direct as there's quite a few parts to it as I had to write the management parts as well and also create a special string builder class to keep the speed up.

Simon
0
 

Author Comment

by:LeeGolding
ID: 16769815
As the site isn't high security, its just a small e-commerce site, I think I'll go with the session object for this and 2 dimensional arrays.

As per my description of the product info I need to store, what's the code snippet to add the product to the array definition, and secondly, whats the code to loop through the array definition so I can print out the contents of the user's basket.

Thanks :-)

Lee.
0
 
LVL 7

Expert Comment

by:SimonBlake
ID: 16769893
Ok, not so simple as the strign method, as you can't use the redim function on 2d arrays, so you can either store as 2 separate ones or split and join them...

I've gotta go in a mo, can I do something over the weekend for you.

Simon.
0
 

Author Comment

by:LeeGolding
ID: 16770061
I will have probably figured something out myself by then. But if it doesn't take you long, still post some examples in case they are better than mine :-)

In the meantime, I'm on a deadline so if anyone can give me some straightforward code for the question in my previous comment please do.

Thanks,

Lee.
0
 

Author Comment

by:LeeGolding
ID: 16781011
Hi Simon,

All done. In the end I used similar logic to the example shown by Brima's link.

Used the dictionary object to store the items, etc.

Thanks for your help all :-)

Lee.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Original post  on Monitis Blog. Web performance monitoring is broken into two camps: passive and active. Passive monitoring is defined as looking at real-world historical performance by monitoring actual log-ins, site hits, clicks, requests for …
While opting for any web-to-print solution, you need to discuss with your team and some of your end users and know their opinions about your decisions. In this article we list down some questions you need to ask yourself.
Viewers will get an overview of the benefits and risks of using Bitcoin to accept payments. What Bitcoin is: Legality: Risks: Benefits: Which businesses are best suited?: Other things you should know: How to get started:
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…
Suggested Courses
Course of the Month15 days, 13 hours left to enroll

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question