It's fairly basic, the basket code generates a session id if you don't already have one, and stores a list of product codes and a timestamp so I can delete old sessions.
The session ID is stored in a cookie.
My question is: would it be unprofessional to store the contents of the basket in a list of product codes, in a cookie? That way there is less load on my server, and the session id is in a cookie already anyways...
I'm just not sure what the 'professional' way to do it is. I'm guessing database but would like opinions.
1. You wouldn't know how many shopping carts were abandoned.
2. You wouldn't know what products people are putting in their cart and then abandoning their carts.
3. What if someone had something in their cart but then that item sold out before that person checked out?
I don't know about "best" but what I do is store the cart selections server-side. Here is my reasoning.
If you store vars "in-page" as hidden values, this gives a potential hacker insight into How Things Work. Also it can be quite cumbersome after a while, carrying around a bunch of hidden values, or make for long and cumbersome query strings.
If you rely too heavily on cookies, same deal, and there **is** a limitation on how much data you can set in a cookie.
I try to keep it minimal: I use a shoppers' cookie *only* for the id that connects them with their cart. If the cookie cannot be read after the first item is added, they get a BIG WARNING that they won't be able to navigate out of the shopping cart because they have cookies disabled.
The really big advantage is as mentioned in the second post: through your admin interface, you can view all specific details of the abandoned orders, and trace their paths backwards through your site.
For me, it's just as important to keep it simple, I'd rather load up the database with static values than have to chase around dynamic values when something is broken.
4. What if the end user has cookies disabled?
I use a shoppers' cookie *only* for the id that connects them with their cart
I don't really think it's possible to avoid that cookie, unless you append your session ID onto every URL, but that would be very messy.
I don't really think it's possible to avoid that cookie...
Out of curiosity I've just been 'shopping' at a handful of the biggest online shops I could think of with cookies disabled and none of them could keep track of my shopping cart.
A couple at least gave a warning that I needed to have cookies enabled. Another gave a warning that 'something' was wrong and the others just carried on regardless, except that my cart was empty (or at least it was after I navigated to another page).
Use a random 15-character-long string to identify the user. But then why not use the Session object provided by all modern languages like PHP, ASP...
[edited by: George2006 at 6:11 pm (utc) on Jan. 11, 2008]
someone else's shopping cart, with all credit card information
I don't keep credit card information in with the shopping cart data. That would imply the user would have to give it before being able to add an item to the cart.
Second, I don't actually store the numbers on the server at all. Too much red tape and security risk.
You (everyone) can easily modify his cookie and change ShoppingCartID from 4 to 5.
You could, but it wouldn't work unless you also knew the MD5 hash of the cart contents.
Use a random 15-character-long string to identify the user
I actually use a timestamp, user IP, PID, and some random numbers to make a 32 character number string.
Pot.....kettle......black.....I don't really think it's possible to avoid that cookie...
If the cookie cannot be read after the first item is added, they get a BIG WARNING that they won't be able to navigate out of the shopping cart because they have cookies disabled.
By limiting the cookie contents to **just** an identifier to connect it to the cart items, all of the functional dependence is server side. If cookies are disabled, this still allows you to collect the order. If your cart data is stored in the cookie, you have nothing.
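An added illustration of the approach discussed in this thread (not code from any poster): a server-side cart store where the cookie carries only an opaque random id, so a cookie edited to another value such as "5" matches no cart, and a per-cart timestamp lets old sessions be deleted. The class and method names, the 24-hour lifetime and the product codes are assumptions made for the example.

```python
import secrets
import time

SESSION_TTL = 24 * 3600  # assumed lifetime; the thread gives no figure

class CartStore:
    """Server-side carts keyed by an opaque id; the cookie holds only that id."""

    def __init__(self, ttl=SESSION_TTL, clock=time.time):
        self._carts = {}  # cart_id -> {"items": [...], "seen": timestamp}
        self._ttl = ttl
        self._clock = clock

    def new_cart(self):
        # 16 bytes from the OS CSPRNG -> 32 hex characters, not guessable
        cart_id = secrets.token_hex(16)
        self._carts[cart_id] = {"items": [], "seen": self._clock()}
        return cart_id

    def _load(self, cart_id):
        cart = self._carts.get(cart_id)
        if cart is None:
            return None
        if self._clock() - cart["seen"] > self._ttl:
            del self._carts[cart_id]  # expired: treat as unknown
            return None
        cart["seen"] = self._clock()
        return cart

    def add_item(self, cookie_value, product_code):
        """Add to the cart and return the id to set in the cookie."""
        cart = self._load(cookie_value)
        if cart is None:
            # Missing, tampered or expired id: never adopt the client's value
            cookie_value = self.new_cart()
            cart = self._carts[cookie_value]
        cart["items"].append(product_code)
        return cookie_value

    def items(self, cookie_value):
        cart = self._load(cookie_value)
        return list(cart["items"]) if cart else []

    def purge_expired(self):
        now = self._clock()
        stale = [c for c, v in self._carts.items() if now - v["seen"] > self._ttl]
        for cart_id in stale:
            del self._carts[cart_id]
        return len(stale)
```

Because the carts stay on the server, abandoned ones remain available for reporting until `purge_expired()` removes them.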