session /cookie

         

stevelibby

12:09 pm on Jul 19, 2007 (gmt 0)


I am looking to build a simple shopping cart script that I can run on my site. I am reading bits and pieces involving an area that so far I have managed to avoid: cookies / sessions.
Before I start, is it wise to make sure that the client's cookies are on in order to process a cart?

justgowithit

2:36 pm on Jul 19, 2007 (gmt 0)


Sessions can be managed even if the browser is not accepting cookies - a little less securely, however. You can manage your cart via session cookie id and then fall back on a URL-based session id if the browser is not accepting cookies.

If the cart relies on cookies to process cart data then you probably want to verify that cookies are set when a user first attempts to add an item to the cart.

stevelibby

3:41 pm on Jul 19, 2007 (gmt 0)


Hi, I have just created a page that attempts to insert a cookie, and then once the user clicks to add something to the cart the script checks to see if there is a cookie present.
Where is best to store add information, as I have used a database that issues a ticket and then follows the user through to the end of the purchase the cookie.

I have been trying to second-guess possible situations. I have given the user a cookie with sessionid, and the database has a different unique id based on the sessionid, so if the session doesn't = session then that ends the ticket. Am I going along the right lines, or is using a database not the right way to go?

justgowithit

5:02 pm on Jul 19, 2007 (gmt 0)


I've got to be honest - I've never written a custom cart.

I see where you're going with it, though. I would probably store the cart information in a session until the visitor confirms that they're going to place the order.

Throwing things in a db right away is going to create A LOT of useless overhead and data bloat from cart-abandonment. It's also not necessary to use server resources to store something that you may never use again (if the visitor abandons the cart).

stevelibby

9:10 pm on Jul 19, 2007 (gmt 0)


I got the feeling that you may be right with the session thing. I am not that experienced with using global.asa and session objects; I am sure it won't take me long though.
I feel comfortable with doing a database one as transactions will be few. Got to start somewhere, just suffering slightly with the ability to be able to hit the back button and change user info.

steve

8:56 am on Jul 20, 2007 (gmt 0)


global.asa and session objects

If this is an ASP-based session, note that ASP uses cookies to store session variables, so users can block them!

I would consider using a single variable to recognise the customer, store this in a cookie or if this is not possible pass it by URL.

Everything else I would put in the DB, along with a variable for order status. 1 - order started, 2 - checked out, 3 - order processed etc. A script run daily could delete all status = 1
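
The layout suggested in the post above, sketched as an added example that is not part of the original thread: the cookie carries only a random token, and the cart, the internal order id and the status (1, 2, 3) stay in the database. Python and SQLite stand in here for ASP and the site's database; the table, column and function names are hypothetical, and the age cutoff on the daily purge is an assumption added so that carts still in progress are not deleted.

```python
import secrets
import sqlite3
import time

STARTED, CHECKED_OUT, PROCESSED = 1, 2, 3  # status values from the post above

def open_db():
    # In-memory database so the example runs offline (hypothetical schema).
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE orders (
        order_id INTEGER PRIMARY KEY,   -- internal id, never sent to the browser
        token    TEXT UNIQUE NOT NULL,  -- the only value stored in the cookie
        status   INTEGER NOT NULL,
        updated  REAL NOT NULL)""")
    db.execute("CREATE TABLE items (order_id INTEGER, sku TEXT, qty INTEGER)")
    return db

def start_order(db, now=None):
    """Create a status-1 order and return the random token for the cookie."""
    token = secrets.token_urlsafe(32)  # unguessable, carries no data
    db.execute("INSERT INTO orders (token, status, updated) VALUES (?, ?, ?)",
               (token, STARTED, now if now is not None else time.time()))
    return token

def add_item(db, token, sku, qty):
    """Add to the cart only if the token maps to an order still at status 1."""
    row = db.execute("SELECT order_id FROM orders WHERE token = ? AND status = ?",
                     (token, STARTED)).fetchone()
    if row is None:
        return False  # unknown token, or order already checked out
    db.execute("INSERT INTO items VALUES (?, ?, ?)", (row[0], sku, qty))
    return True

def advance(db, token, expected, new):
    """Move status forward only from the expected state; True on success."""
    cur = db.execute("UPDATE orders SET status = ?, updated = ? "
                     "WHERE token = ? AND status = ?",
                     (new, time.time(), token, expected))
    return cur.rowcount == 1

def purge_abandoned(db, max_age_seconds, now=None):
    """Daily job: delete status-1 orders older than the cutoff, plus their items."""
    cutoff = (now if now is not None else time.time()) - max_age_seconds
    stale = "SELECT order_id FROM orders WHERE status = ? AND updated < ?"
    db.execute(f"DELETE FROM items WHERE order_id IN ({stale})", (STARTED, cutoff))
    cur = db.execute("DELETE FROM orders WHERE status = ? AND updated < ?",
                     (STARTED, cutoff))
    return cur.rowcount
```

Because every status change is a conditional update keyed on the current status, a request that arrives out of order (for example, asking for "processed" on an order that never reached "checked out") changes nothing.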

stevelibby

11:43 am on Jul 20, 2007 (gmt 0)


Hi, because this is my first e-commerce project, this is only going to be based on accepting cookies.
I am a little stuck now though. I have run the pages and the cookie has sessionid in it, therefore each page is verified by that; the db has a unique identifier which is not known to the user.
Now once you check out I have created a form by which you enter your details. Upon submit the info gets submitted, the user gets redirected to a page to which this deletes sessionid then refreshes to confirm to me that it is finished and db field goes to pending.
Now, I plan to use a PayPal button which has a bring-back-to-site link. I had planned then when the user comes back after payment that db field pending would change to processed, but what's stopping the clever user from bypassing PayPal and going straight to that page? Is there something I can do to guarantee that they have come from PayPal?