four or five shopping cart design questions


High Level Session Handling Design for a Shopping cart
0) What am I missing?
1) How does OSCommerce do it?

I'm thinking about building a shopping cart from scratch,
using a library of dynamic screen generation routines
(already written) that take an XML stream as input from
various "search for products" forms. That way I can
run queries in one window and display the dynamic
results in another. The searching functions will probably
not index into a relational schema. Instead I'll use
Lucene to parse keywords and values out of XML-based product
descriptions. I know a lot about XML, Lucene, Xpath, XQuery
and dynamic screen rendering. But I have no experience
(at all) working with shopping carts in general.

2) How does repeat customer session handling usually work?
When a customer first logs in we generate a sessionID
and send it back to the client as a cookie.

Later on in the session, and before we can consummate a purchase,
they have to supply name address and (https) credit card number. We
put that stuff (not including the credit card number), along with the
sessionID, into a database of some kind. That part (customer contact info)
may well be mysql.

Any current shopping cart items are handled as
session memory items. Session memory will probably track items
with a hashed array of productObject types, which is a complex
object class that includes lots of generic stuff about each product
in the catalog (name, inventoryID, etc.).
That way we can jump from screen to screen without losing session,
while finishing up at a "review cart" screen.

Review cart has cart-editing features (two of these, none of those)
plus contact information editing, plus a "Make Purchase" button that sends the transaction
off to a 3rd party transaction handler, sends an email receipt
to the customer and then prints a Thank You screen. It's probably a good idea NOT to store
credit card numbers on the server. Instead we hold it just
long enough to clear the transaction.

3) What security pitfalls surround holding credit card information
in session memory? How long do we keep credit card numbers?

5) If the customer negotiates his/her way all the way out to
the cart editing screen, where they do fill in a card number, name
and address, and then change their mind, and go back to
the shoppingMode screens, do we NULL out the credit card in
session memory? Or keep it around. And if so for how long?


Jan 18 '06 #1
Forgot to add:

Each consummated purchase would exist as a hashed array of
productObjects, so I suppose that could be serialized,
associated with that user's semi-permanent sessionID
and then persisted on the server, so the server
could retrieve every known detail about every transaction,
after the fact.

So the shopping cart could recreate a transaction history
for that customer (do you want to see the details of
your 2nd to last order?)
Jan 18 '06 #2
d
"G.E.M.P" <sl*********@spammers.com> wrote in message
news:gZ********************@bresnan.com...

> High Level Session Handling Design for a Shopping cart
> 0) What am I missing?
> 1) How does OSCommerce do it?

Take notes from OSCommerce, but for the love of God don't use it ;)

OSCommerce stores a composite ID of the product and its attributes (say
colour=blue, size=large) in the DB alongside the user's ID. That's
essentially it.

> I'm thinking about building a shopping cart from scratch,
> using a library of dynamic screen generation routines
> (already written) that take an XML stream as input from
> various "search for products" forms. That way I can
> run queries in one window and display the dynamic
> results in another. The searching functions will probably
> not index into a relational schema. Instead I'll use
> Lucene to parse keywords and values out of XML-based product
> descriptions. I know a lot about XML, Lucene, Xpath, XQuery
> and dynamic screen rendering. But I have no experience
> (at all) working with shopping carts in general.

Shopping carts are scary to many developers, as it's usually a break from
the norm. They are, however, a great demonstration of where a small amount
of code, properly organised (as I'm sure yours will be), can provide a lot
of very useful functionality. It's just storing numbers next to each other.
The "cart" is simply a relationship between the user and a product, after
all.

> 2) How does repeat customer session handling usually work?
> When a customer first logs in we generate a sessionID
> and send it back to the client as a cookie.

Bingo.

> Later on in the session, and before we can consummate a purchase,
> they have to supply name address and (https) credit card number. We
> put that stuff (not including the credit card number), along with the
> sessionID, into a database of some kind. That part (customer contact info)
> may well be mysql.

That's essentially it. When the user logs in, the session is
created/resumed. You can then add to that as and when you need to. When a
purchase is going to be made, you ask them for their details, etc (and
username/password), and set them up a user account. You can then create a
login script to populate the session with their stored data when they log
back in (say, cart contents).

> Any current shopping cart items are handled as
> session memory items. Session memory will probably track items
> with a hashed array of productObject types, which is a complex
> object class that includes lots of generic stuff about each product
> in the catalog (name, inventoryID, etc)
> That way we can jump from screen
> to screen without losing session, while finishing up at a "review cart"
> screen.

You just need to hold the composite IDs of the products, and their basic
display information (price, actual price, make, model, etc.).

> Review cart has cart-editing features (two of these, none of those)
> plus contact information editing, plus a "Make Purchase" button that sends
> the transaction off to a 3rd party transaction handler, sends an email receipt
> to the customer and then prints a Thank You screen. It's probably a good
> idea NOT to store credit card numbers on the server. Instead we hold it just
> long enough to clear the transaction.

You can hold it on the server - just do it sensibly. Obviously you should
get rid of it when you've used it, as you say.

> 3) What security pitfalls surround holding credit card information
> in session memory? How long do we keep credit card numbers?

Don't keep it in session memory, unless you can guarantee that the path
where the sessions are being stored (assuming you're using the default
file-based sessions) is secure, and impossible for non-web-server users to
gain access to. You could write a custom session handler (really quite
easy) which incorporates some more advanced security features to assure the
security of the credit card information. Once you have their money, get rid
of the credit card information. That's law in many countries, so it's
better to be safe than in court ;)

> 5) If the customer negotiates his/her way all the way out to
> the cart editing screen, where they do fill in a card number, name
> and address, and then change their mind, and go back to
> the shoppingMode screens, do we NULL out the credit card in
> session memory? Or keep it around. And if so for how long?

Personally, I'd give the user the choice. You can have the credit card
information time out in the session, so if they don't go back to the
checkout in, say, 5 minutes, then your code will nullify the number in the
session.



I wish more people wrote their own shopping cart/store systems, as opposed
to just relying on OSCommerce and its derivations (zen cart, I'm looking at
you). Those products simply suck, and if talented folks make their own,
their grip of mediocrity will be broken. Good luck!
Jan 18 '06 #3
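
The timed hold and purge-after-use described in reply #3, sketched as an added example that is not part of the thread or of any cart named in it. It assumes PHP 8 with the sodium extension; the class `CardHold`, the session key `_card_hold` and the gateway callback are hypothetical names, and the caller passes `$_SESSION` as `$session` with a 32-byte key loaded from outside the session store.

```php
<?php
// Added example (PHP 8 with the sodium extension). CardHold and '_card_hold' are hypothetical.
final class CardHold
{
    private const KEY = '_card_hold';
    // $secret: 32-byte key kept outside the session store; $ttl: the reply's "say, 5 minutes".
    public function __construct(private string $secret, private int $ttl = 300) {}

    /** Encrypt the card number and store it with an expiry timestamp. */
    public function put(array &$session, string $pan, int $now): void
    {
        $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $box   = sodium_crypto_secretbox($pan, $nonce, $this->secret);
        $session[self::KEY] = ['expires' => $now + $this->ttl, 'blob' => base64_encode($nonce . $box)];
    }

    /** Return the card number, or null after wiping a missing, expired or tampered entry. */
    public function get(array &$session, int $now): ?string
    {
        $hold = $session[self::KEY] ?? [];
        $raw  = (string) base64_decode((string) ($hold['blob'] ?? ''), true);
        $n    = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES;
        $pan  = ($now < (int) ($hold['expires'] ?? 0) && strlen($raw) > $n)
            ? sodium_crypto_secretbox_open(substr($raw, $n), substr($raw, 0, $n), $this->secret)
            : false;
        if ($pan === false) {
            unset($session[self::KEY]);
            return null;
        }
        return $pan;
    }

    /** Hand the card to the gateway callback once, then drop it whatever the outcome. */
    public function charge(array &$session, int $now, callable $gateway): bool
    {
        $pan = $this->get($session, $now);
        try {
            return $pan !== null && (bool) $gateway($pan);
        } finally {
            unset($session[self::KEY]);
        }
    }
}

// Constructed demo: $session stands in for $_SESSION; 4111111111111111 is a test number.
$session = [];
$hold = new CardHold(random_bytes(SODIUM_CRYPTO_SECRETBOX_KEYBYTES));
$hold->put($session, '4111111111111111', 1000);
var_dump($hold->get($session, 1299) !== null); // read inside the 5-minute window
var_dump($hold->get($session, 1300), $session); // read at the expiry time
```

Because only ciphertext reaches the session store, someone who can read the session files but not the key does not get the card number, and a failed or abandoned checkout leaves nothing behind once the window closes.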