Page 1 of 1

Your ultimate shopping cart system?

Posted: Wed Sep 10, 2003 10:55 am
by JPlush76
Just trying to get people's opinion on their ideal way to handle a shopping cart... for example.

User not logged in - track their shopping cart items with session vars

User is signed in - track their items with a user id key in a shopping cart table

Using cookies, etc....

Currently I'm just using a cookie to track a shopping cart id and I need to redesign my system as that approach doesn't seem to catch 100% of the people.

How would you do it? 8O

Posted: Mon Sep 15, 2003 2:53 pm
by SantaGhost
for the cookies i have encountered some problems, its certainly not fullproof. Ive been using sessions for a simple cart system.

This will shurely be one of the things ill be working on, something like a multifunctional shop class. Anyone using something like that?

Posted: Mon Sep 15, 2003 10:08 pm
by saramoon28
Im using pear session manager HTTP_SESSION with cookies for my shopping cart. I was using phplib session class with mysql, but the table that holds the sessions breaks up every third day. I guess cookies will work for me (hopefuly)

:roll:

Posted: Tue Sep 16, 2003 2:35 am
by m3mn0n
I'd use sessions. Mainly because of the whole cookie acceptance issue.

That was why your old system didn't catch all of your surfers, right?

Posted: Tue Sep 16, 2003 10:45 am
by JPlush76
sessions only shopping carts are only half a solution as well.

I have to design a nice mix of cookie, session, and database to be able to handle everyone properly. We have alot of schools that take weeks to build orders in their carts so I have to retain that info.

To use or not to use

Posted: Fri Sep 19, 2003 10:09 am
by evilMind
Cookies, much easier to deal with. Actually I use cookies+a_db to manage carts. For simple checks to see if cookies are enabled you might try something along the lines of...

Code: Select all

function CookieCheck( $cookieName ) {
      if (!isset($_COOKIEї$cookieName]) ) {
         if ( !isset($_GETї$cookieName]) ) {
            // If no cookie and no $_GETїfoo]=foo variable then we haven't tested yet. We need to test.
            $randNum = rand( 5000 , 50000 );
            $testCookieExpire = time() + ( 60 * 60 * 24 * 7 * 52 * 10 );
            setcookie( $cookieName , $randNum , $testCookieExpire , '/' , $_SERVERї'SERVER_NAME'] , 0 );
            $redirectHeader = 'Location: http://' . 
               $_SERVERї'SERVER_NAME'] . 
               $_SERVERї'REQUEST_URI'] . 
               ( strpos( $_SERVERї'REQUEST_URI'] , '?') ? ('&' . $cookieName . '=' . $randNum) : ('?' . $cookieName . '=' . $randNum) );
            header( $redirectHeader );
            exit( 0 );
         } else {
            $cookiesEnabled = false;
            // Or define( 'COOKIES_ENABLED' , false ); for global use
         }
      } else {
         $cookiesEnabled = true;
         // Run some code or exit or something.. 
      }
   }

Posted: Fri Sep 19, 2003 12:03 pm
by JPlush76
I like cookies as well but I've seen problems with them since we launched almost a year ago. Some people have them disabled or a number of other different situations...

what I'm thinking now is:
custom session class that writes to a database

>> user adds an item to their cart
if they are logged in the item gets logged into a cart table with the user_id as the key
if they are not logged on the item will be kept by session id

if they log in, that session id will update with the user id so the user's items are still in their cart.


so basically logged users will have the benefit of having their cart saved and visiting carts will just be session based and will delete upon exit.

thats what I'm thinkin of going with now

Posted: Fri Sep 19, 2003 5:17 pm
by evilMind
Just a reminder, sessions use cookies as thier primary means of identifying the client; if that fails sessions use a transient sid (which in my opinion is less secure than a cookie (I don't believe that cookies are more secure, but when compared to a transient sid, hands down cookies) ). With that in mind, what's the difference of going cookie/DB based Vs. Session/DB Based?

Also, you mentioned that you had problems with cookies, what kind of problems have you experienced???

Posted: Fri Sep 19, 2003 5:21 pm
by JPlush76
I know that if php can't set a session cookie it passes the PHPSESSID for each page, which wouldn't be a big deal.

The problems I've seen so far have been people who dont have cookies enabled or if they are in a secure network at work where cookies go through an approval program so ad tracking cookies can't get in.

by keeping tracking of their cart contents with a cookie variable I'm losing a few people a week probably. We've done over 1.6 million so far in a year on the site so its not a huge deal but it would be nice to accomodate everyone.

Posted: Fri Sep 19, 2003 5:54 pm
by evilMind
As far as the problem with people not having cookies enabled, try the code I posted earlier, that will take care of the checking of cookies being enabled or not; if not let me know. As far as corporate users having cookies blocked, well that's a whole different ball game there. Not sure I could help in that aspect.

The main reason why I push cookies so much, and not sessions, is because sessions create a file to keep track of the data. So you have to check for the cookie, then if that's not present, check the $_REQUEST[] variables for a transient sid, then find the file, open it, read the contents, setup any variables, and display the page based on the contents of the file (if it even exists, if not you have to create it...). That's a lot of work.. But either way you go, if you have a method that works the way you need it to, as I've been told, "Why re-invent the wheel?" :)

Posted: Fri Sep 19, 2003 5:56 pm
by JPlush76
I'm just trying to think of a system that will accomodate everyone best. Like I said using cookies ain't "cuttin it" now lol

Posted: Fri Sep 19, 2003 8:31 pm
by qads
i am building my first shopping cart so yay for me :P

i used a temp table to store user orders, later when the user wants to checkout i check to see if the user is logged in, if s/he is then put the temp data into hidden fields and pass it on to merchant service :D else, ask the user to login.

after the payment, the merchant account calls one of my pages and passes me the user id, i move the temp data to another table and delete it (delete temp data)....

thats about it i guess :roll:

uh..one more thing...

if the user is not logged in then i use MD5(time() * random number.session id) as user ID, i also have this in a session var...when the user logins in, i update the temp table data and set user_id to the real USER ID...

hope that made sense 8O

Posted: Tue Sep 23, 2003 5:20 pm
by mr_griff
I have been using a custom session/db cart system for two years and we haven't really had any one reporting problems due to the session/db backend. We have processed 21,000+ orders and $3.88 million in revenue over the last two years.

Our main concern is losing customers that experience things like session timeout, get frustrated and leave. A cookie based system could solve the session timeout issue, but then you might end up losing people with cookies turned off.

I would be very interested if you find/workout a system that covers both sides of this issue.

Posted: Wed Sep 24, 2003 2:25 pm
by mudkicker
I need some advices, too! I have just started to build a shopping site and couldn't decide how to create the database structure and security things..

Posted: Wed Sep 24, 2003 4:50 pm
by Unipus
So I see you're not listening to anything we said in that other thread. What's the URL of this site you'll be building? :?