[nycphp-talk] Multipage forms -- sessions or hidden variables

Rick Olson rolson at aeso.org
Fri Sep 8 12:43:40 EDT 2006


Main issue with the built-in session handling is that those sessions 
expire... so you'd run into problems where someone was putting stuff 
into their cart, then got up, went into the kitchen, ate some Ramen and 
drank a couple cups of coffee with their significant other while talking 
about various political issues plaguing our system these days, came back 
to finish shopping and check out, and she'd have to start all over again. :(

Rolan Yang mentioned overriding the default session handlers with 
MySQL.  That is also an option, but you need to configure it right and 
make sure none of that information expires to the point of the client 
not being able to access their cart anymore.

Hidden form variables aren't a very good idea; they're quite difficult to 
work with, especially if they don't follow the flow you _think_ they 
will follow.  People don't necessarily add something to their cart, then 
check out immediately.  They are likely to click other links, browse 
around, or even go to another site and come back to yours later.  All of 
those things would be very hard to maintain with hidden form variables.

In the past I've handled it in a number of ways.  One way is to set a 
cookie on their end with a unique "Shopping Cart ID", and have it expire 
in say a day or two or thirty (and store their current cart in the 
database).  You also need a way to validate that that shopping cart 
belongs to the user that claims it belongs to, so you don't end up with 
some dork hijacking someone else's cart and screwing with it.  Another is 
to force them to register on your site before they can check out.

There are plenty of other ways as well, depends on how complex you want 
to make it and how popular it's going to be.

~
Rick Olson

edward potter wrote:
> Sessions are very easy to work with. I think your best bet.
>
> :-) ed
>
> On 9/7/06, Rolan Yang <rolan at omnistep.com> wrote:
>   
>> In my experience, storing/passing all variables via server-side sessions
>> with a mysql based session handler simplifies many things.
>>
>> ~Rolan
>>
>> Cliff Hirsch wrote:
>>     
>>> I'm working on a simple multi-page shopping cart. Any thoughts on the
>>> merits of hidden variables versus session variables for moving between
>>> pages. I don't want to use a hidden variable for a CC #, unless every
>>> page is secure. Even then, it seems like a poor idea. And I am
>>> interested in minimizing the session load, which translates to extra
>>> DB load. Thoughts?
>>>
>>> Cliff
>>>
>>> _______________________________
>>> *Pinestream Communications, Inc.*
>>> Publisher of /Semiconductor Times/ & /Telecom Trends/
>>> 52 Pine Street, Weston, MA 02493 USA
>>> Tel: 781.647.8800, Fax: 781.647.8825
>>> http://www.pinestream.com <http://www.pinestream.com/>
>>>
>>> ------------------------------------------------------------------------
>>>
>>> _______________________________________________
>>> New York PHP Community Talk Mailing List
>>> http://lists.nyphp.org/mailman/listinfo/talk
>>>
>>> NYPHPCon 2006 Presentations Online
>>> http://www.nyphpcon.com
>>>
>>> Show Your Participation in New York PHP
>>> http://www.nyphp.org/show_participation.php
>>>
>   
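
One way to implement the cookie-plus-database cart described in Rick Olson's message, as an added example that is not part of the original thread. The table name `carts`, the cookie name `cart_token`, the function names and the optional binding to a numeric account ID are all assumptions; ownership is checked by making the cart ID an unguessable random token, storing only its hash, and refusing carts bound to a different account.

```php
<?php
// Added example. Assumed names: table "carts", cookie "cart_token". PHP 7.3+.
const CART_COOKIE = 'cart_token';
const CART_TTL = 30 * 86400; // cookie and database row both live thirty days

function cart_schema(PDO $db): void {
    $db->exec('CREATE TABLE IF NOT EXISTS carts (token_hash TEXT PRIMARY KEY,
        user_id INTEGER NULL, items TEXT NOT NULL, expires_at INTEGER NOT NULL)');
}

// Create an empty cart. The returned token is the only copy of the secret:
// the database keeps a SHA-256 hash, so a leaked table does not leak carts.
function cart_create(PDO $db, ?int $userId, int $now): string {
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    $db->prepare('INSERT INTO carts (token_hash, user_id, items, expires_at)
        VALUES (?, ?, ?, ?)')
       ->execute([hash('sha256', $token), $userId, '[]', $now + CART_TTL]);
    return $token;
}

// Return the cart items, or null when the token is malformed, unknown,
// expired, or the cart is bound to a different account than the caller's.
function cart_load(PDO $db, string $token, ?int $userId, int $now): ?array {
    if (!preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return null;
    }
    $stmt = $db->prepare('SELECT user_id, items FROM carts
        WHERE token_hash = ? AND expires_at > ?');
    $stmt->execute([hash('sha256', $token), $now]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false
        || ($row['user_id'] !== null && (int) $row['user_id'] !== $userId)) {
        return null;
    }
    return json_decode($row['items'], true);
}

// Send the token with flags that keep it off plain HTTP and out of scripts.
function cart_send_cookie(string $token, int $now): void {
    setcookie(CART_COOKIE, $token, ['expires' => $now + CART_TTL, 'path' => '/',
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
}

// Constructed demo against an in-memory SQLite database (account IDs made up).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
cart_schema($db);
$token = cart_create($db, 42, time());
var_dump(cart_load($db, $token, 42, time()) === []);         // owner: loads
var_dump(cart_load($db, $token, 7, time()));                 // other account
var_dump(cart_load($db, $token, 42, time() + CART_TTL + 1)); // past expiry
```

The expiry is enforced in the query rather than trusted from the cookie, so editing the cookie's lifetime in the browser does not extend the cart.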



