jaeden,

Norton Internet Security can block cookies, referrers, web-bugs, and possibly change the User-agent on HTTP requests.

You might want to try a few things...

Set a cookie as soon as possible in the visitor's session, and then test it. If it has been blocked, then you can put up a warning/info page before the visitor goes to the trouble of adding items to their shopping cart. You could also check referrer and User-agent at this time to "correlate them," using the combined info to get a more accurate guess that they're using NIS.

Try poking around on Symantec's (Norton's) site to see if they have information about what NIS can do - blocking cookies, etc. Does your shopping cart reside in your own domain? If not, maybe NIS is blocking third-party cookies.

Buy a copy of Norton Internet Security, and use it during your own testing sessions. Find the problems before your customers do, and either change your site's design with respect to cookies/sessions/User-agents, or at least try to put up a sensible warning page with info on how to turn the problem-related NIS features off.

I've had no "mission critical" problems with NIS, so that's all I can suggest.

Jim

I agree that this sounds like a cookie problem. I had an intermittent "empty shopping cart" problem on an ASP cart site, and it proved to be some kind of bug in the software that was triggered only by a particular way the visitor entered the site. The software people never said exactly what it was, but I'm pretty sure a variable wasn't being initialized or set properly.

jdMorgan's suggestion of testing for cookies early and warning the customer is a good one (if your cart requires cookies).

What I can do is this. When a customer adds an item to the cart, I set a variable func=added and append it in the post of the add to cart link. That way when the item is added, the page comes up and says, 'an item has been added to your cart'. I'll set a cookie on the product display page, and when I see the func=added come back through, I'll check to see if that cookie is there. If so, I can display a message that says somehing like "You attempted to add an item to your cart. We were not able to add an item, due to the fact your browser does not allow cookies. Please enable your cookies. For more information, click here", or something like that.

This way, they won't add ten items, then click on checkout to find it empty.

You might also want to consider implementing p3p [w3.org] (machine readable privacy statement) as it can help cookies get accepted by browsers and 'security' programs.

See this thread [webmasterworld.com] for this and other suggestions about cookies.

Maybe not the case, but if you are using any sort of perl/cgi script that uses a 'valid referrers' check - you would usually just add your domain and maybe IP here - then that will fail under NIS because it blocks the http referrer string - or rather it is blank.
On one site I eventually removed the referrer checking in a script for precisely this reason. Not great, but not time to find another way around it.