E-commerce with secure cart and payment
I want to create an e-commerce project online, so I have this issue:
If the user is not logged in, then the selected products will be automatically added to a default cart under the name of guest001, guest002, etc., where guest is a default user.
If the user signs up, then the system will automatically check his default cart data, to add it to his new account.
When the user then wants to add new products to the cart, they will be added directly to his cart.
My questions are:
What's better: using cookies to store the data on the user's machine, so it will be used by the system once the user creates his account, or using server-side variables?
What's better: creating a default client (guest) in the database once the unknown user adds something to his cart, or just creating a cookie with stored data without needing to create a guest user?
Thank you in advance.
2 Comments
I recommend storing all state, including the state of the cart, in session state on the server side. It doesn't need to be in the database; most web application frameworks provide a way to store session state on the server side, e.g., in memory. I don't recommend storing this state in cookies. The reason is that a malicious client can tamper with data stored in the cookies. (For instance, if you stored the set of items in the cart and their prices in cookies, then a malicious user could modify the price of each item as found in his/her cookie.) Because session state is linked to the session, not the user, session state is automatically preserved if the user creates an account in the middle of their session.
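An added example, not part of the original comment, of the server-side session cart recommended above: the cookie would carry only an opaque session id, prices come from a server-side catalog, and signing up attaches the account to the same session. The catalog, the in-memory store and all function names are hypothetical; `cookie_total` shows the cookie-held-price design for contrast.

```python
import json
import secrets

# Constructed sample catalog: prices in cents live only on the server.
CATALOG = {"sku-1": 1999, "sku-2": 4500}

# In-memory session store (hypothetical stand-in for a framework's session state).
SESSIONS = {}


def new_session():
    """Create an anonymous session; only this opaque id goes in the cookie."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": None, "cart": {}}
    return sid


def add_to_cart(sid, sku, qty=1):
    """Store only SKU and quantity; reject unknown items and bad quantities."""
    if sku not in CATALOG or not isinstance(qty, int) or qty < 1:
        raise ValueError("invalid cart item")
    cart = SESSIONS[sid]["cart"]
    cart[sku] = cart.get(sku, 0) + qty


def sign_up(sid, username):
    """Attach the new account to the existing session; the cart is untouched."""
    SESSIONS[sid]["user"] = username


def session_total(sid):
    """Price the cart from the server-side catalog at checkout time."""
    return sum(CATALOG[sku] * qty for sku, qty in SESSIONS[sid]["cart"].items())


def cookie_total(cookie_value):
    """Weak design for contrast: trusts prices carried in a client-held cookie."""
    return sum(item["price"] * item["qty"] for item in json.loads(cookie_value))


if __name__ == "__main__":
    sid = new_session()
    add_to_cart(sid, "sku-1", 2)
    sign_up(sid, "alice")
    add_to_cart(sid, "sku-2")
    print(session_total(sid))  # 8498
    # Constructed cookie whose price field was edited on the client.
    edited = json.dumps([{"sku": "sku-1", "qty": 2, "price": 1}])
    print(cookie_total(edited))  # 2
```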
Well, I think this is more of a StackOverflow question than a Security one. That said, I wouldn't perform any updates on the database until you get to the order submission stage. There's no reason to track what's in a cart except by session data. Whether you want to maintain the state on the server or just pile on cookie entries is a question that I think is just an architectural triviality.
I imagine you're in a position where a user must create an account to place an order. If that's the case, you should be all set. A cart isn't connected to a customer until it becomes an order or the customer logs in and the cart is persisted so it survives across sessions. If a customer can place an order without an account, attach it to a single default user.