cookies and carts

on 07.12.2009 23:39:28 by Allen McCabe

I have a shopping cart type system set up which keeps track of the cart
contents using a SESSION variable, where $_SESSION['cart'][$item_id] is
equal to the quantity, so the name/value pair is all the information I need.

But sessions are unreliable on the free server I am currently using for this
website (not my choice), so I had to start using cookies because users were
being sporadically logged out, sometimes just on a page refresh.

I want to find a way to set a cookie to remember the cart items as well, and
I thought setting a cookie for each item/quantity pair was the way to go
until I started trying to figure out how to unset all those cookies if the
user empties their cart.

Is there any way to set cookies with an array for the name? Instead of
$_COOKIE['item_number'] have $_COOKIE['cart']['item_number'] like I have the
SESSION?


Re: cookies and carts

on 07.12.2009 23:40:50 by Ashley Sheridan

On Mon, 2009-12-07 at 14:39 -0800, Allen McCabe wrote:

> I have a shopping cart type system set up which keeps track of the cart
> contents using a SESSION variable, where $_SESSION['cart'][$item_id] is
> equal to the quantity, so the name/value pair is all the information I need.
>
> But sessions are unreliable on the free server I am currently using for this
> website (not my choice), so I had to start using cookies because users were
> being sporadically logged out, sometimes just on a page refresh.
>
> I want to find a way to set a cookie to remember the cart items as well, and
> I thought setting a cookie for each item/quantity pair was the way to go
> until I started trying to figure out how to unset all those cookies if the
> user empties their cart.
>
> Is there any way to set cookies with an array for the name? Instead of
> $_COOKIE['item_number'] have $_COOKIE['cart']['item_number'] like I have the
> SESSION?


What about storing a unique ID in the cookie, and matching it up with
information for that user in a database. It's sort of simulating a
session, but without the session handler getting involved, which looks
slightly messed up from what you've said.

Thanks,
Ash
http://www.ashleysheridan.co.uk




Re: cookies and carts

on 07.12.2009 23:46:38 by Ashley Sheridan

On Mon, 2009-12-07 at 16:48 -0600, Philip Thompson wrote:

> On Dec 7, 2009, at 4:40 PM, Ashley Sheridan wrote:
>
> > On Mon, 2009-12-07 at 14:39 -0800, Allen McCabe wrote:
> >
> >> I have a shopping cart type system set up which keeps track of the cart
> >> contents using a SESSION variable, where $_SESSION['cart'][$item_id] is
> >> equal to the quantity, so the name/value pair is all the information I need.
> >>
> >> But sessions are unreliable on the free server I am currently using for this
> >> website (not my choice), so I had to start using cookies because users were
> >> being sporadically logged out, sometimes just on a page refresh.
> >>
> >> I want to find a way to set a cookie to remember the cart items as well, and
> >> I thought setting a cookie for each item/quantity pair was the way to go
> >> until I started trying to figure out how to unset all those cookies if the
> >> user empties their cart.
> >>
> >> Is there any way to set cookies with an array for the name? Instead of
> >> $_COOKIE['item_number'] have $_COOKIE['cart']['item_number'] like I have the
> >> SESSION?
> >
> >
> > What about storing a unique ID in the cookie, and matching it up with
> > information for that user in a database. It's sort of simulating a
> > session, but without the session handler getting involved, which looks
> > slightly messed up from what you've said.
> >
> > Thanks,
> > Ash
> > http://www.ashleysheridan.co.uk
>
> Blast your speedier typing!! =P
>
> ~Philip
>


By the power of Kenco!

Thanks,
Ash
http://www.ashleysheridan.co.uk




Re: cookies and carts

on 07.12.2009 23:47:43 by Philip Thompson

On Dec 7, 2009, at 4:39 PM, Allen McCabe wrote:

> I have a shopping cart type system set up which keeps track of the cart
> contents using a SESSION variable, where $_SESSION['cart'][$item_id] is
> equal to the quantity, so the name/value pair is all the information I need.
>
> But sessions are unreliable on the free server I am currently using for this
> website (not my choice), so I had to start using cookies because users were
> being sporadically logged out, sometimes just on a page refresh.
>
> I want to find a way to set a cookie to remember the cart items as well, and
> I thought setting a cookie for each item/quantity pair was the way to go
> until I started trying to figure out how to unset all those cookies if the
> user empties their cart.
>
> Is there any way to set cookies with an array for the name? Instead of
> $_COOKIE['item_number'] have $_COOKIE['cart']['item_number'] like I have the
> SESSION?

Don't do it this way. At some point (don't know if it's still true), IE
had a limit of 20 cookies per domain - this includes cookie arrays. The
proper way to do this would be to hold some sort of key in a cookie:

user_cart = 'some unique value for this user'

Then, in your PHP code, grab the value of $_COOKIE['user_cart'] to
reference data in a database. Then, you pull the information from the
database with this unique key and use it to display the appropriate
items. This is the most secure way to do it (with the proper security
measures ;) and it doesn't put 100's of needless cookies on the user's
machine.

Hope this helps.
~Philip

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
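
The approach suggested in the two replies above (one opaque key in a cookie, cart contents in a database), as an added example that is not part of the original posts. Only the cookie name user_cart comes from the thread; the table layout, the function names and the in-memory SQLite database are assumptions, and the code assumes PHP 7.3+ with pdo_sqlite.

```php
<?php
// Added example, not code from the thread. Table, column and function
// names are assumptions; 'user_cart' is the cookie name from the post.

function openCartDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE carts (
        token_hash TEXT PRIMARY KEY,
        data       TEXT NOT NULL,
        expires    INTEGER NOT NULL)');
    return $db;
}

// 256 bits from the CSPRNG: unguessable, and carries no cart data itself.
function newCartToken(): string
{
    return bin2hex(random_bytes(32));
}

// Only a hash of the token is stored, so a copy of the table does not
// yield values that can be sent back as a cookie.
function tokenHash(string $token): string
{
    return hash('sha256', $token);
}

function saveCart(PDO $db, string $token, array $cart, int $ttl = 604800): void
{
    $st = $db->prepare(
        'REPLACE INTO carts (token_hash, data, expires) VALUES (?, ?, ?)');
    $st->execute([tokenHash($token), json_encode($cart), time() + $ttl]);
}

// Returns the cart array, or null when the cookie is absent, malformed,
// unknown or expired. The cookie value is used for the lookup only.
function loadCart(PDO $db, $cookieValue): ?array
{
    if (!is_string($cookieValue)
        || !preg_match('/\A[0-9a-f]{64}\z/', $cookieValue)) {
        return null;
    }
    $st = $db->prepare(
        'SELECT data FROM carts WHERE token_hash = ? AND expires > ?');
    $st->execute([tokenHash($cookieValue), time()]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : json_decode($row['data'], true);
}

function sendCartCookie(string $token, int $ttl = 604800): void
{
    setcookie('user_cart', $token, [
        'expires' => time() + $ttl, 'path' => '/',
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
    ]);
}

// Constructed walk-through: one visitor, then three cookie values that
// must not resolve to a cart.
$db    = openCartDb();
$token = newCartToken();
saveCart($db, $token, [1042 => 2, 77 => 1]);
if (PHP_SAPI !== 'cli') {
    sendCartCookie($token);
}
var_dump(loadCart($db, $token));           // the stored cart
var_dump(loadCart($db, newCartToken()));   // well-formed but unknown: null
var_dump(loadCart($db, 'abc123'));         // wrong shape: null
var_dump(loadCart($db, ['cart' => 'x']));  // cookie array: null
```

Emptying the cart is then a single DELETE on the server plus expiring one cookie, which removes the per-item cookie cleanup problem from the original question.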

Re: cookies and carts

on 07.12.2009 23:48:31 by Philip Thompson

On Dec 7, 2009, at 4:40 PM, Ashley Sheridan wrote:

> On Mon, 2009-12-07 at 14:39 -0800, Allen McCabe wrote:
>
>> I have a shopping cart type system set up which keeps track of the cart
>> contents using a SESSION variable, where $_SESSION['cart'][$item_id] is
>> equal to the quantity, so the name/value pair is all the information I need.
>>
>> But sessions are unreliable on the free server I am currently using for this
>> website (not my choice), so I had to start using cookies because users were
>> being sporadically logged out, sometimes just on a page refresh.
>>
>> I want to find a way to set a cookie to remember the cart items as well, and
>> I thought setting a cookie for each item/quantity pair was the way to go
>> until I started trying to figure out how to unset all those cookies if the
>> user empties their cart.
>>
>> Is there any way to set cookies with an array for the name? Instead of
>> $_COOKIE['item_number'] have $_COOKIE['cart']['item_number'] like I have the
>> SESSION?
>
>
> What about storing a unique ID in the cookie, and matching it up with
> information for that user in a database. It's sort of simulating a
> session, but without the session handler getting involved, which looks
> slightly messed up from what you've said.
>
> Thanks,
> Ash
> http://www.ashleysheridan.co.uk

Blast your speedier typing!! =P

~Philip



Re: cookies and carts

on 07.12.2009 23:53:03 by Philip Thompson

On Dec 7, 2009, at 4:46 PM, Ashley Sheridan wrote:

> On Mon, 2009-12-07 at 16:48 -0600, Philip Thompson wrote:
>>
>> On Dec 7, 2009, at 4:40 PM, Ashley Sheridan wrote:
>>
>> > On Mon, 2009-12-07 at 14:39 -0800, Allen McCabe wrote:
>> >
>> >> I have a shopping cart type system set up which keeps track of the cart
>> >> contents using a SESSION variable, where $_SESSION['cart'][$item_id] is
>> >> equal to the quantity, so the name/value pair is all the information I need.
>> >>
>> >> But sessions are unreliable on the free server I am currently using for this
>> >> website (not my choice), so I had to start using cookies because users were
>> >> being sporadically logged out, sometimes just on a page refresh.
>> >>
>> >> I want to find a way to set a cookie to remember the cart items as well, and
>> >> I thought setting a cookie for each item/quantity pair was the way to go
>> >> until I started trying to figure out how to unset all those cookies if the
>> >> user empties their cart.
>> >>
>> >> Is there any way to set cookies with an array for the name? Instead of
>> >> $_COOKIE['item_number'] have $_COOKIE['cart']['item_number'] like I have the
>> >> SESSION?
>> >
>> >
>> > What about storing a unique ID in the cookie, and matching it up with
>> > information for that user in a database. It's sort of simulating a
>> > session, but without the session handler getting involved, which looks
>> > slightly messed up from what you've said.
>> >
>> > Thanks,
>> > Ash
>> > http://www.ashleysheridan.co.uk
>>
>> Blast your speedier typing!! =P
>>
>> ~Philip
>>
>
> By the power of Kenco!
>
> Thanks,
> Ash
> http://www.ashleysheridan.co.uk
>

I hope you don't kiss your mother with that mouth!!



Re: cookies and carts

on 07.12.2009 23:54:05 by Ashley Sheridan

On Mon, 2009-12-07 at 16:53 -0600, Philip Thompson wrote:

> On Dec 7, 2009, at 4:46 PM, Ashley Sheridan wrote:
>
> > On Mon, 2009-12-07 at 16:48 -0600, Philip Thompson wrote:
> >>
> >> On Dec 7, 2009, at 4:40 PM, Ashley Sheridan wrote:
> >>
> >> > On Mon, 2009-12-07 at 14:39 -0800, Allen McCabe wrote:
> >> >
> >> >> I have a shopping cart type system set up which keeps track of the cart
> >> >> contents using a SESSION variable, where $_SESSION['cart'][$item_id] is
> >> >> equal to the quantity, so the name/value pair is all the information I need.
> >> >>
> >> >> But sessions are unreliable on the free server I am currently using for this
> >> >> website (not my choice), so I had to start using cookies because users were
> >> >> being sporadically logged out, sometimes just on a page refresh.
> >> >>
> >> >> I want to find a way to set a cookie to remember the cart items as well, and
> >> >> I thought setting a cookie for each item/quantity pair was the way to go
> >> >> until I started trying to figure out how to unset all those cookies if the
> >> >> user empties their cart.
> >> >>
> >> >> Is there any way to set cookies with an array for the name? Instead of
> >> >> $_COOKIE['item_number'] have $_COOKIE['cart']['item_number'] like I have the
> >> >> SESSION?
> >> >
> >> >
> >> > What about storing a unique ID in the cookie, and matching it up with
> >> > information for that user in a database. It's sort of simulating a
> >> > session, but without the session handler getting involved, which looks
> >> > slightly messed up from what you've said.
> >> >
> >> > Thanks,
> >> > Ash
> >> > http://www.ashleysheridan.co.uk
> >>
> >> Blast your speedier typing!! =P
> >>
> >> ~Philip
> >>
> >
> > By the power of Kenco!
> >
> > Thanks,
> > Ash
> > http://www.ashleysheridan.co.uk
> >
>
> I hope you don't kiss your mother with that mouth!!
>


Not a coffee man? :p

Thanks,
Ash
http://www.ashleysheridan.co.uk




Re: cookies and carts

on 08.12.2009 06:05:43 by Paul M Foster

On Mon, Dec 07, 2009 at 02:39:28PM -0800, Allen McCabe wrote:

> I have a shopping cart type system set up which keeps track of the cart
> contents using a SESSION variable, where $_SESSION['cart'][$item_id] is
> equal to the quantity, so the name/value pair is all the information I need.
>
> But sessions are unreliable on the free server I am currently using for this
> website (not my choice), so I had to start using cookies because users were
> being sporadically logged out, sometimes just on a page refresh.
>
> I want to find a way to set a cookie to remember the cart items as well, and
> I thought setting a cookie for each item/quantity pair was the way to go
> until I started trying to figure out how to unset all those cookies if the
> user empties their cart.
>
> Is there any way to set cookies with an array for the name? Instead of
> $_COOKIE['item_number'] have $_COOKIE['cart']['item_number'] like I have the
> SESSION?

First, don't use multiple cookies; already covered elsewhere. Second,
you can serialize/unserialize array data and store it compactly in a
cookie. See the serialize() and unserialize() functions on php.net.

Paul

--
Paul M. Foster


Re: cookies and carts

on 08.12.2009 17:13:29 by Jochem Maas

Allen McCabe wrote:
> I have a shopping cart type system set up which keeps track of the cart
> contents using a SESSION variable, where $_SESSION['cart'][$item_id] is
> equal to the quantity, so the name/value pair is all the information I need.
>
> But sessions are unreliable on the free server I am currently using for this
> website (not my choice), so I had to start using cookies because users were
> being sporadically logged out, sometimes just on a page refresh.
>
> I want to find a way to set a cookie to remember the cart items as well, and
> I thought setting a cookie for each item/quantity pair was the way to go
> until I started trying to figure out how to unset all those cookies if the
> user empties their cart.
>
> Is there any way to set cookies with an array for the name? Instead of
> $_COOKIE['item_number'] have $_COOKIE['cart']['item_number'] like I have the
> SESSION?

1. use one cookie for this (and other data)
2. DO NOT USE serialize()/unserialize() to pack/extract the data

using unserialize() opens you up to all sorts of potential hacks (IMHO), keep the data
structure simple and revalidate its entire contents every time you read it in
(assuming your article ids are INTs, all the data should be [valid] INTs - anything
else and the cookie should be deleted).

here is some code to play with: (written directly in my email client, no guarantees it
parses or works as is)


<?php

// pack array(artId => quantity) into "artId:quant|artId:quant"
function buildCookieCartStr(array $data)
{
    $out = array();
    foreach ($data as $artId => $quant)
        $out[] = $artId.':'.$quant;

    return join('|', $out);
}

function parseCookieCartStr($s)
{
    $data  = array();
    $items = explode('|', $s);

    if (!is_array($items))
        return killCookieCart();

    if (count($items)) foreach ($items as $item) {
        $item = explode(':', $item);

        // each entry must be exactly "artId:quant"
        if (!is_array($item) || count($item) !== 2)
            return killCookieCart();

        // both parts must be non-zero, digits-only strings; a loose
        // comparison with (int)$v would let "12abc" through on older PHP
        foreach ($item as $v)
            if (!$v || !ctype_digit($v))
                return killCookieCart();

        if (!isValidArtId($item[0]) || ($item[1] < 1))
            return killCookieCart();

        // the same article must not appear twice
        if (isset($data[ $item[0] ]))
            return killCookieCart();

        $data[ (int)$item[0] ] = (int)$item[1];
    }

    return $data;
}

function killCookieCart()
{
    // TODO: delete cookie
}

function isValidArtId($id)
{
    return true; // TODO: valid article id
}

?>

you can secure your code further by using the filter extension in combination
with a regexp filter in order to retrieve the cookie data from the request,
here's a regexp that matches only non empty strings with digit, colon and pipe chars:

#^[\d:\|]+$#




PS - hello again list.
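
The filter-extension step mentioned at the end of the message above, as an added example that is not part of the original post. It goes beyond the character-class regexp quoted there by encoding the whole id:quantity grammar; the function name, the length limits and the sample cookie values are assumptions, and the code assumes PHP 7.1+.

```php
<?php
// Added example, not code from the thread. Function name, limits and
// sample values are assumptions / constructed for illustration.

// Whole-string grammar: id:qty pairs joined by '|'. Ids are 1-9 digits,
// quantities 1-9999, at most 50 pairs, no leading zeros, no empty fields.
const CART_RE =
    '/\A[1-9]\d{0,8}:[1-9]\d{0,3}(?:\|[1-9]\d{0,8}:[1-9]\d{0,3}){0,49}\z/';

// Returns array(artId => quantity), or false if the value must be
// discarded. For a live request, filter_input(INPUT_COOKIE, 'cart', ...)
// takes the same filter and options as filter_var() does here.
function readCartCookie($raw)
{
    $s = filter_var($raw, FILTER_VALIDATE_REGEXP,
                    ['options' => ['regexp' => CART_RE]]);
    if ($s === false || $s === null) {
        return false;
    }

    $cart = [];
    foreach (explode('|', $s) as $pair) {
        // Safe to cast: the grammar already guarantees digits only.
        [$id, $qty] = array_map('intval', explode(':', $pair));
        if (isset($cart[$id])) {
            return false;       // same article listed twice
        }
        $cart[$id] = $qty;
    }
    return $cart;
}

// Constructed cookie values.
$samples = [
    '12:2|40:1',          // valid
    '12:2|12:3',          // duplicate article id
    '12:0',               // zero quantity
    '12:2|',              // only digits, ':' and '|', but not the grammar
    '12abc:2',            // trailing junk after the id
    'a:1:{i:12;i:2;}',    // output of serialize(array(12 => 2))
];
foreach ($samples as $raw) {
    $cart = readCartCookie($raw);
    echo str_pad($raw, 18), ' => ',
         $cart === false ? 'rejected' : json_encode($cart), "\n";
}
```

Only the first sample is accepted; everything else is rejected before any value reaches application code, which is the point at which the cookie should be deleted.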


Re: cookies and carts

on 08.12.2009 18:55:53 by Michael Peters

Allen McCabe wrote:
> I have a shopping cart type system set up which keeps track of the cart
> contents using a SESSION variable, where $_SESSION['cart'][$item_id] is
> equal to the quantity, so the name/value pair is all the information I need.
>
> But sessions are unreliable on the free server I am currently using for this
> website (not my choice), so I had to start using cookies because users were
> being sporadically logged out, sometimes just on a page refresh.

Have access to a database?
If yes, then run your own session management in the database.

This is what I use.
You don't want to use APC on a multiuser system, but this works without
APC as well.

<?php
//require_once("sessions_apc.php");
//$sess = new SessionManager($mdb2);
//session_start();

// from :
// http://www.devshed.com/c/a/PHP/Storing-PHP-Sessions-in-a-Database/
// Rich Smith - 2007-05-02
//
// Modified by mpeters@mac.com to use mdb2 w/ prepared statements
// and attempt to use caching

class SessionManager {
    public $sesstable = 'new_sessions';
    private $life_time;
    private $mdb2;
    // CHANGE THE SALT BEFORE USING
    private $apcSalt = '2d8lyds45a@&0KLybafz';
    private $apcMaxLife = 1500; // delete from cache after that many seconds
                                // even if session still active

    function __construct($mdb2) {
        // constructor function
        // Read the maxlifetime setting from PHP
        $this->life_time = get_cfg_var("session.gc_maxlifetime");
        $this->mdb2 = $mdb2;

        // Register this object as the session handler
        session_set_save_handler(
            array( &$this, "open" ),
            array( &$this, "close" ),
            array( &$this, "read" ),
            array( &$this, "write"),
            array( &$this, "destroy"),
            array( &$this, "gc" )
        );
    }

    function open($save_path,$session_name) {
        global $sess_save_path;
        $sess_save_path = $save_path;
        // Don't need to do anything. Just return TRUE.
        return true;
    }

    function close() {
        return true;
    }

    function read($id) {
        // Set empty result
        $data = '';
        // try the APC cache first, fall back to the database
        $myreturn = $this->wrap_fetch($id);
        if (! $myreturn) {
            // Fetch session data from the selected database
            $time = time();
            $types = Array('text','integer');
            $q = 'SELECT session_data FROM ' . $this->sesstable . ' WHERE session_id=? AND expires > ?';
            $sql = $this->mdb2->prepare($q,$types,MDB2_PREPARE_RESULT);
            // if(PEAR::isError($sql)) {
            //    die('Failed to make prepared 58: ' . $sql->getMessage() . ', ' . $sql->getDebugInfo());
            //    }
            $args = Array($id,$time);
            $rs = $sql->execute($args);
            // if(PEAR::isError($rs)) {
            //    die('Failed to issue query 63: ' . $rs->getMessage() . ', ' . $rs->getDebugInfo());
            //    }
            if ($rs->numRows() > 0) {
                $row = $rs->fetchRow(MDB2_FETCHMODE_OBJECT);
                $myreturn = $row->session_data;
            } else {
                $myreturn = '';
            }
        }
        return $myreturn;
    }

    function write($id,$data) {
        // Build query
        $time = time() + $this->life_time;

        // see if a session exists
        // (wrap_fetch is a method, so it has to be called on $this)
        $sessTest = $this->wrap_fetch($id);
        if (! $sessTest) {
            $types = Array('text');
            $q = 'SELECT COUNT(session_id) from ' . $this->sesstable . ' WHERE session_id=?';
            $sql = $this->mdb2->prepare($q,$types,MDB2_PREPARE_RESULT);
            //if (PEAR::isError($sql)) {
            //    die('Failed to make prepared 86: ' . $sql->getMessage() . ', ' . $sql->getDebugInfo());
            //    }
            $args = Array($id);
            $rs = $sql->execute($args);
            //if(PEAR::isError($rs)) {
            //    die('Failed to issue query 91: ' . $rs->getMessage() . ', ' . $rs->getDebugInfo());
            //    }
            $row = $rs->fetchRow(MDB2_FETCHMODE_ORDERED);
            $count = $row[0];
        } else {
            $count = 1;
        }

        if ($count > 0) {
            // update the session
            $types = Array('text','integer','text');
            $q = 'UPDATE ' . $this->sesstable . ' SET session_data=?, expires=? WHERE session_id=?';
            $args = Array($data,$time,$id);
        } else {
            // insert a new session row
            $types = Array('text','text','integer');
            $q = 'INSERT INTO ' . $this->sesstable . ' (session_id,session_data,expires) VALUES (?,?,?)';
            $args = Array($id,$data,$time);
        }
        $sql = $this->mdb2->prepare($q,$types,MDB2_PREPARE_MANIP);
        //if(PEAR::isError($sql)) {
        //    die('Failed to make prepared 111: ' . $sql->getMessage() . ', ' . $sql->getDebugInfo());
        //    }
        $rs = $sql->execute($args);
        //if(PEAR::isError($rs)) {
        //    die('Failed to issue query 115: ' . $rs->getMessage() . ', ' . $rs->getDebugInfo());
        //    }
        $this->wrap_store($id,$data);
        return TRUE;
    }

    function destroy($id) {
        // Build query
        $this->wrap_delete($id);
        $types = Array('text');
        $args = Array($id);
        $q = 'DELETE FROM ' . $this->sesstable . ' WHERE session_id=?';
        $sql = $this->mdb2->prepare($q,$types,MDB2_PREPARE_MANIP);
        //if(PEAR::isError($sql)) {
        //    die('Failed to make prepared 129: ' . $sql->getMessage() . ', ' . $sql->getDebugInfo());
        //    }
        $rs = $sql->execute($args);
        //if(PEAR::isError($rs)) {
        //    die('Failed to issue query 133: ' . $rs->getMessage() . ', ' . $rs->getDebugInfo());
        //    }
        return TRUE;
    }

    function gc() {
        // Garbage Collection
        // Build DELETE query. Delete all records who have passed the
        // expiration time
        $sql = 'DELETE FROM ' . $this->sesstable . ' WHERE expires < UNIX_TIMESTAMP();';
        // unprepared manipulation queries go through exec() in MDB2
        $rs = $this->mdb2->exec($sql);
        // Always return TRUE
        return true;
    }

    // APC functions
    function obfus($id) {
        // this reduces odds of session hijacking if
        // a cracker manages to get a dump of apc keys
        $key = 'sess_' . sha1($this->apcSalt . $id);
        return $key;
    }

    function wrap_delete($id) {
        $key = $this->obfus($id);
        if (function_exists('apc_delete')) {
            apc_delete($key);
        }
        return true;
    }

    function wrap_fetch($id) {
        $key = $this->obfus($id);
        if (function_exists('apc_fetch')) {
            $data = apc_fetch($key);
            return $data;
        } else {
            return false;
        }
    }

    function wrap_store($id,$data) {
        $key = $this->obfus($id);
        $expires = $this->life_time;
        if ($expires < 1) {
            // keep it in cache for 1 minute
            $expires = 60;
        } elseif ($expires > $this->apcMaxLife) {
            // keep it in cache for at most apcMaxLife seconds
            $expires = $this->apcMaxLife;
        }
        if (function_exists('apc_store')) {
            apc_store($key,$data,$expires);
        }
        return true;
    }

}

// CREATE TABLE new_sessions (
//   session_id varchar(32) NOT NULL default '',
//   session_data text,
//   expires int(11) NOT NULL default '0',
//   PRIMARY KEY (session_id)
// ) ENGINE = MYISAM;
?>


PHP Upgrade Problem

on 08.12.2009 19:24:43 by David Stoltz

Folks,

I upgraded from PHP 5.2.6 to 5.3.1 on my test machine. Pretty easy, just
installed FastCGI for IIS6, installed PHP 5.3.1 and entered the .php ext
stuff into IIS6.

Now I tried it on my production box. No go. Although the web extension
"FastCGI Handler" can be enabled with no problems, PHP doesn't work. I
get an error in the application log:

EventID: 1000
Source: Application Error
Faulting application php-cgi.exe, version 5.3.1.0, faulting module
php5ts.dll, version 5.3.1.0, fault address 0x000f4d40.

Does anyone have any ideas?

Thanks!
