The POD for CGI::Session has a good discussion of the various methods: cookies, query string, or hidden field. And of course, using the module will make your life easier at least as far as getting up and running with sessions. | [reply] |
One way or another, you're going to have to use cookies or a session id (either in the URL or in a hidden field) for reliable session management. Take a look at CGI::Session. | [reply] |
You can also put the session key (as long as it is not predictable, e.g. an MD5 string) as the top directory in your URL:
http://your.com/14681655ef653af/home.html
The advantage of this approach is that if you make all of the links in your HTML relative to each other, you don't have to do any URL munging inside the HTML. Of course, you can forget about getting meaningful caching of proxy servers or browsers.
The session key is easily obtainable with mod_perl or rewritten using mod_rewrite.
Liz | [reply] |
When you're calculating prices, make sure to pass the value of the items and/or the shopping cart total around as form variables, and tell me the domain name of the store, so I can come and buy out your entire inventory at a steep discount by editing the html form that you passed back to me. Also, when coming up with a server secret for cookie generation, make sure it's readily guessable so I can sniff cookies flying by in the ether, and generate my own authentication token for their account without even knowing their password. If you're feeling really magnanimous, don't bother with ssl, and just send passwords and credit card numbers in the clear. ;-)
Actually, you probably don't want to do any of these things, but you'd be surprised how often programmers of shopping carts fall into these traps.
| [reply] |
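As an added example (not code from any poster in this thread, nor from CGI::Session), here is a small Perl sketch of the two defences the post above is asking for: a session id drawn from the kernel CSPRNG rather than rand(), and a server-side HMAC that binds the cart total and expiry so an edited hidden field is rejected. The secret, field names and 15-minute expiry are assumptions; the secret shown is a placeholder.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);   # core module since Perl 5.9.3

# Server secret: assumed to be read from a file outside the docroot.
# Constructed placeholder here; in production use 32+ bytes from /dev/urandom.
my $SECRET = 'PLACEHOLDER-replace-with-32-random-bytes';

# Fresh, unpredictable session id from the kernel CSPRNG (never rand()).
sub new_session_id {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $bytes, 16) == 16 or die "short read from urandom";
    close $fh;
    return unpack 'H*', $bytes;          # 32 hex chars, usable as the URL's top directory
}

# Bind fields (session id, cart total, expiry) to the secret. The fields
# travel to the browser in the clear; only the MAC makes them trustworthy.
sub sign_fields {
    my (%f) = @_;
    my $payload = join '|', map { "$_=" . $f{$_} } sort keys %f;
    return $payload . '|mac=' . hmac_sha256_hex($payload, $SECRET);
}

# Constant-time comparison so response timing does not leak the MAC.
sub _eq_ct {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Returns a hashref of fields on success, undef if tampered with or expired.
sub verify_fields {
    my ($token, $now) = @_;
    my ($payload, $mac) = $token =~ /^(.*)\|mac=([0-9a-f]{64})$/ or return;
    _eq_ct($mac, hmac_sha256_hex($payload, $SECRET)) or return;
    my %f = map { my ($k, $v) = split /=/, $_, 2; ($k, $v) } split /\|/, $payload;
    return if exists $f{exp} && $f{exp} < $now;
    return \%f;
}

# Honest round trip, then the "edit the hidden price field" attempt.
my $token = sign_fields(sid => new_session_id(), total => '149.00', exp => time() + 900);
print verify_fields($token, time()) ? "valid\n" : "rejected\n";    # valid
(my $edited = $token) =~ s/total=149\.00/total=1\.00/;
print verify_fields($edited, time()) ? "valid\n" : "rejected\n";   # rejected
```

The same sign/verify pair can wrap a cookie value instead of hidden fields; either way the total is recomputed server-side from the cart, and the signed copy only confirms the client did not alter it.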