[nycphp-talk] Multipage forms -- sessions or hidden variables
rolson at aeso.org
Fri Sep 8 12:43:40 EDT 2006
Main issue with the builtin session handling is that those sessions
expire... so you'd run into problems where someone was putting stuff
into their cart, then got up, went into the kitchen, ate some Ramen and
drank a couple cups of coffee with their significant other while talking
about various political issues plaguing our system these days, came back
to finish shopping and check out, and she'd have to start all over again. :(
Rolan Yang mentioned overriding the default session handlers with
MySQL. That is also an option, but you need to configure it right and
make sure none of that information expires to the point of the client
not being able to access their cart anymore.
Hidden form variables aren't a very good idea, it's quite difficult to
work with, especially if they don't follow the flow you _think_ they
will follow. People don't necessarily add something to their cart, then
check out immediately. They are likely to click other links, browse
around, or even to go another site and come back to yours later. All of
those things would be very hard to maintain with hidden form variables.
In the past I've handled it in a number of ways. One way is to set a
cookie on their end with a unique "Shopping Cart ID", and have it expire
in say a day or two or thirty (and store their current cart in the
database). You also need a way to validate that that shopping cart
belongs to the user that claims it belongs to, so you don't end up with
some dork hijacking someone elses cart and screwing with it. Another is
to force them to register on your site before they can check out.
There are plenty of other ways as well, depends on how complex you want
to make it and how popular it's going to be.
edward potter wrote:
> Sessions are very easy to work with. I think your best bet.
> :-) ed
> On 9/7/06, Rolan Yang <rolan at omnistep.com> wrote:
>> In my experience, storing/passing all variables via server-side sessions
>> with a mysql based session handler simplifies many things.
>> Cliff Hirsch wrote:
>>> I'm working on a simple multi-page shopping cart. Any thoughts on the
>>> merits of hidden variables versus session variables for moving between
>>> pages. I don't want to use a hidden variable for a CC #, unless ever
>>> page is secure. Even than, it seems like a poor idea. And I am
>>> interested in minimizing the session load, which translates to extra
>>> DB load. Thoughts?
>>> *Pinestream Communications, Inc.*
>>> Publisher of /Semiconductor Times/ & /Telecom Trends/
>>> 52 Pine Street, Weston, MA 02493 USA
>>> Tel: 781.647.8800, Fax: 781.647.8825
>>> http://www.pinestream.com <http://www.pinestream.com/>
>>> New York PHP Community Talk Mailing List
>>> NYPHPCon 2006 Presentations Online
>>> Show Your Participation in New York PHP
>> New York PHP Community Talk Mailing List
>> NYPHPCon 2006 Presentations Online
>> Show Your Participation in New York PHP
More information about the talk