Cookie Woes :0(

Re: Cookie Woes :0(

Mark wrote:[color=blue]
> O, woe is me, to have seen what I have seen, see what I see!
>
> (That's Shakespeare for those who were wondering what I'm on about)
>
>
>
> I am "having fun" with cookies.
>
> And I wonder if I have missed something obvious.
>
> I am writing a simple shopping cart that uses cookies.
>
> It works as I expected in IE6 (Microsoft, all is forgiven...)
>
> But it only half works in NN7, Firefox or Opera 7 (they are the only ones I
> have tested so far)
>
> Without pasting in reams of code, here is an overview of what it does.
>
> When the visitor clicks on BUY PRODUCT, a row is inserted into the ORDER
> TABLE that includes the cookie_id and product _id (amongst others)
>
> This works in perfectly all browsers.
>
> Next, a query is run to find all of the rows in the ORDER TABLE that have
> the user's cookie_id, and the results are output as a summary of the order.
>
> This works as expected in IE6 (Big up tha man like BillG)
>
> But gives me no results in any of the other browsers
>
> Any simple answers?
>
> TIA
>
> Mark
>
>[/color]
If at all possible, try to use sessions, they're not any harder than
cookies, and more secure. You can store the user's shopping list in a
serialized array, as to avoid the slow downs of MySQL access. Here's
some sample code:

When the user clicks Buy Product:
<?php
$_SESSION['list'][] = $product_id; //You get this ID from wherever the
user clicked Buy Product
?>

Make sure that you put session_start() ; at the top of every page of your
site, in order for your list to carry over if they add more items to the
list. Also, this is almost guaranteed to solve your browser woes.

--
Ivan Filippov

Re: Cookie Woes :0(

In comp.lang.php Mark <hahaha@hahaha. com> wrote:[color=blue]
> Next, a query is run to find all of the rows in the ORDER TABLE that have
> the user's cookie_id, and the results are output as a summary of the order.
>
> This works as expected in IE6 (Big up tha man like BillG)
>
> But gives me no results in any of the other browsers
>
> Any simple answers?[/color]

If you'd tell me you code doesn; work in anything but IE I'd say your
code is broken. So post some code, this specific part should be more
than a couple of lines (summarize).

Next get a packetsniffer and check for differences between data send
when using IE vs. all others.

FUP c.l.p.

Re: Cookie Woes :0(

On 4/7/05 3:20 PM, in article 8ni5e.919740$Xk .214042@pd7tw3n o, "Ivan
Filippov" <ivan.v.f@gmail .com> wrote:
[color=blue]
> If at all possible, try to use sessions, they're not any harder than
> cookies, and more secure.[/color]

Is this at all true? Aren't PHP sessions tracked by cookies (or alternately
in a GET-readable and therefore thoroughly insecure query string addition)?

I keep on hearing this about PHP sessions being more secure than cookies,
and I guess that's true if you're storing sensitive data in cookies rather
than storing a ID and keeping the sensitive data on the server, but I don't
know why anyone would want to rely that heavily on client-side cookies for
data storage anyway.

Just asking,


Steve

Re: Cookie Woes :0(

Hi Ivan

Thanks for your response...

I have used sessions quite a lot, but didn't want to force a log on, and
wanted visitors to be able to come back under a different session and
continue with their order... That's why I was experimenting with cookies.
However...

I have fixed it...

And I feel such a fool!

I feel quite ashamed even admitting to my mistake, but my counsellor told me
that honesty is the only true path to enlightenment, and who am I to
disagree?

<shame>

I hadn't put ' ' around the cookie_id variable in the query...

And under examination, I found that the HEX cookie_id that had been
generated for IE just happened to be a huge integer (so it worked without '
'), whilst the cookie_ids assigned to the other browsers all had characters
in it, so the fact that it worked in IE was a completer fluke. Bill didn't
have anything to do with it...

</shame>

Mark (suitably chastened)

"Ivan Filippov" <ivan.v.f@gmail .com> wrote in message
news:8ni5e.9197 40$Xk.214042@pd 7tw3no...[color=blue]
> Mark wrote:[color=green]
>> O, woe is me, to have seen what I have seen, see what I see!
>>
>> (That's Shakespeare for those who were wondering what I'm on about)
>>
>>
>>
>> I am "having fun" with cookies.
>>
>> And I wonder if I have missed something obvious.
>>
>> I am writing a simple shopping cart that uses cookies.
>>
>> It works as I expected in IE6 (Microsoft, all is forgiven...)
>>
>> But it only half works in NN7, Firefox or Opera 7 (they are the only ones
>> I have tested so far)
>>
>> Without pasting in reams of code, here is an overview of what it does.
>>
>> When the visitor clicks on BUY PRODUCT, a row is inserted into the ORDER
>> TABLE that includes the cookie_id and product _id (amongst others)
>>
>> This works in perfectly all browsers.
>>
>> Next, a query is run to find all of the rows in the ORDER TABLE that have
>> the user's cookie_id, and the results are output as a summary of the
>> order.
>>
>> This works as expected in IE6 (Big up tha man like BillG)
>>
>> But gives me no results in any of the other browsers
>>
>> Any simple answers?
>>
>> TIA
>>
>> Mark[/color]
> If at all possible, try to use sessions, they're not any harder than
> cookies, and more secure. You can store the user's shopping list in a
> serialized array, as to avoid the slow downs of MySQL access. Here's some
> sample code:
>
> When the user clicks Buy Product:
> <?php
> $_SESSION['list'][] = $product_id; //You get this ID from wherever the
> user clicked Buy Product
> ?>
>
> Make sure that you put session_start() ; at the top of every page of your
> site, in order for your list to carry over if they add more items to the
> list. Also, this is almost guaranteed to solve your browser woes.
>
> --
> Ivan Filippov[/color]

Re: Cookie Woes :0(

Mark wrote:[color=blue]
> Hi Ivan
>
> Thanks for your response...
>
> I have used sessions quite a lot, but didn't want to force a log on, and
> wanted visitors to be able to come back under a different session and
> continue with their order... That's why I was experimenting with cookies.
> However...
>
> I have fixed it...
>
> And I feel such a fool!
>
> I feel quite ashamed even admitting to my mistake, but my counsellor told me
> that honesty is the only true path to enlightenment, and who am I to
> disagree?
>
> <shame>
>
> I hadn't put ' ' around the cookie_id variable in the query...
>
> And under examination, I found that the HEX cookie_id that had been
> generated for IE just happened to be a huge integer (so it worked without '
> '), whilst the cookie_ids assigned to the other browsers all had characters
> in it, so the fact that it worked in IE was a completer fluke. Bill didn't
> have anything to do with it...
>
> </shame>
>
> Mark (suitably chastened)
>
> "Ivan Filippov" <ivan.v.f@gmail .com> wrote in message
> news:8ni5e.9197 40$Xk.214042@pd 7tw3no...
>[color=green]
>>Mark wrote:
>>[color=darkred]
>>>O, woe is me, to have seen what I have seen, see what I see!
>>>
>>>(That's Shakespeare for those who were wondering what I'm on about)
>>>
>>>
>>>
>>>I am "having fun" with cookies.
>>>
>>>And I wonder if I have missed something obvious.
>>>
>>>I am writing a simple shopping cart that uses cookies.
>>>
>>>It works as I expected in IE6 (Microsoft, all is forgiven...)
>>>
>>>But it only half works in NN7, Firefox or Opera 7 (they are the only ones
>>>I have tested so far)
>>>
>>>Without pasting in reams of code, here is an overview of what it does.
>>>
>>>When the visitor clicks on BUY PRODUCT, a row is inserted into the ORDER
>>>TABLE that includes the cookie_id and product _id (amongst others)
>>>
>>>This works in perfectly all browsers.
>>>
>>>Next, a query is run to find all of the rows in the ORDER TABLE that have
>>>the user's cookie_id, and the results are output as a summary of the
>>>order.
>>>
>>>This works as expected in IE6 (Big up tha man like BillG)
>>>
>>>But gives me no results in any of the other browsers
>>>
>>>Any simple answers?
>>>
>>>TIA
>>>
>>>Mark[/color]
>>
>>If at all possible, try to use sessions, they're not any harder than
>>cookies, and more secure. You can store the user's shopping list in a
>>serialized array, as to avoid the slow downs of MySQL access. Here's some
>>sample code:
>>
>>When the user clicks Buy Product:
>><?php
>>$_SESSION['list'][] = $product_id; //You get this ID from wherever the
>>user clicked Buy Product
>>?>
>>
>>Make sure that you put session_start() ; at the top of every page of your
>>site, in order for your list to carry over if they add more items to the
>>list. Also, this is almost guaranteed to solve your browser woes.
>>
>>--
>>Ivan Filippov[/color]
>
>
>[/color]
You can serialize the session too and store it in your DB along with an
IP of the user. Most users nowadays have Anti-SpyWare software
installed which removes unwanted cookies which makes return visits with
the same cookie unlikely, either way though, wish you luck. :)

--
Ivan Filippov

Re: Cookie Woes :0(

Steven M. Scotten wrote:[color=blue]
> On 4/7/05 3:20 PM, in article 8ni5e.919740$Xk .214042@pd7tw3n o, "Ivan
> Filippov" <ivan.v.f@gmail .com> wrote:
>
>[color=green]
>>If at all possible, try to use sessions, they're not any harder than
>>cookies, and more secure.[/color]
>
>
> Is this at all true? Aren't PHP sessions tracked by cookies (or alternately
> in a GET-readable and therefore thoroughly insecure query string addition)?
>
> I keep on hearing this about PHP sessions being more secure than cookies,
> and I guess that's true if you're storing sensitive data in cookies rather
> than storing a ID and keeping the sensitive data on the server, but I don't
> know why anyone would want to rely that heavily on client-side cookies for
> data storage anyway.
>
> Just asking,
>
>
> Steve
>[/color]
Quoth the PHP docs:
"A visitor accessing your web site is assigned an unique id, the
so-called session id. This is either stored in a cookie on the user side
or is propagated in the URL."

There are security risks with both methods, but good practice by the
user, such as logging out of the site before heading to another site
if using the URL propagation method. It's really up to the code monkey
in question concerning what they want to do, I personally find that
sessions are better for storing information, ease of access and
simplicity of implementation. Plus as I said in my reply to Mark,
sessions + DB works way better than cookies + DB. :)


--
Ivan Filippov

Re: Cookie Woes :0(

don't need any sort of logon to use sessions.

Also, in order to minimize the num of cookies I set on a users computer
I serialize an array and send that as the cookie.

I have send and write cookie funcs that automatically
serialize/deserialize if necessary