Re: why use cookies for shopping cart?

by "Leland V. Lammert" <lvl(at)omnitec.net>

 Date:  Mon, 13 Mar 2000 10:17:50 -0600
 To:  pbabcock(at)bgsgroup.com,
"hwg-techniques(at)hwg.org" <hwg-techniques(at)hwg.org>
 References:  omnitec omnitec2
  todo: View Thread, Original
At 09:39 AM 3/13/00 , Phil Babcock wrote:
> >To identify the user and create a relationship TO the data on the server.
>I use the session.sessionid.  Of course I also use ASP, so this might not
>be available to everyone.

What is a sessionid? This sounds like something unique to IE or IIS [most likely]? From what is a 'sessionid' created?

> >Both are required - the 'cart' is kept on the server, .. the cookie is
>used to identify WHICH cart belongs to THAT user.
>I see.  I guess this is true, most of the time.  I dont use any cookies
>ever, but use the session id to track the user to cart connection.  It does
>have its downsides, like for peole that come from the same proxy, etc.

Yes, this would be a *significant* downside! We once tried to report a hacker from an IP, .. only to have the ISP tell us "Unless you can alert us within 10 minutes of it happening, there is no way for us to trace that IP to one of the 25,000 current users on that proxy server."!! Turned out the simpler solution was to blacklist their Class B.

> >They must either accept  the cookie, .. or the designers can choose to not
>use them (we prefer to use a 'Car ID' passed as a hidden field from one
>form to the next, .. avoiding the cookie issue entirely).
>Yes I suppose that is about the same thing I do.  I pass the sessionid from
>one application to the secure site for checkout, etc etc.

Could it be that your asp is setting a hidden variable internally?? 

         HTH,

        Lee
============================================
    Leland V. Lammert                                lvl(at)omnitec.net
       Chief Scientist                         Omnitec Corporation
   Network/Internet Consultants              www.omnitec.net
============================================

HWG hwg-techniques mailing list archives, maintained by Webmasters @ IWA