Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
Really? This seems bizarre. Why no database or data store? Cookies or local storage are your only other options. These are the only client-side persistence you have on the web. Anything else must be managed on the server. But you sound like you're constructing a very strange solution. What's your stack?
-
spockula438yI know it sounds strange. It actually is, but I've got a client that doesn't want cookies and thinks localStorage is a possible threat. Will probably check out sessions though.
-
Ya cookies or local storage are you're only options man if your not persisting data on a db. Maybe some stuff with sessions though? Idk
-
@spockula Then you need to have a strong word with your client telling them that they don't know what they're talking about and they're asking you to build a car without using any nuts or bolts "because they might come loose".
-
sideways2438ypage1.php:
session_start();
if ( ! isset( $_SESSION['cart'] ) {
$_SESSION['cart'] = array();
}
<form method="post" action="page2.php">
<input type="text" name="name" value="<?= $_SESSION['cart']['name'] ?>" />
<input type="submit" value="proceed to page2" />
</form>
page2.php:
session_start();
$_SESSION['cart']['name'] = $_POST['name'];
<form method="post" action="page3.php">
<input type="text" name="lastname" value="<?= $_SESSION['cart']['lastname'] ?>" />
<input type="submit" value="proceed to page3" />
</form>
page3.php:
session_start();
$_SESSION['cart']['lastname'] = $_POST['lastname'];
print_r( $_SESSION['cart'] );
back to page1.php link to page1 and name is there, back to page2 and last name is there, then back to page3 and all the info is there -
@spockula FYI, sessions are stored using cookies. More specifically, the session data is stored on the server and a session ID is stored in a cookie on the client browser.
-
Bikonja23868y@Gogeta70 except you can send the session id via query string instead of storing it in cookies. However, security wise, that's terrible and you should talk to your client about not meddling with the technical aspects - they are your job. Be sure to set the session cookie as secure (you are using https, right?) and http only and it becomes much more secure than anything your client will have you do, even though cookies CAN be insecure if not done properly.
Note that setting a cookie to http only means it won't be editable via javascript, it doesn't have anything to do with https which is what the secure attribute is for (if it's true the cookie will only ever be sent if the page is https) -
@Bikonja Yeah, but there's not a whole lot of difference between sending the session ID in the GET request and in a cookie header, except that a cookie is persistent. Anyway, https is the best way to go to prevent session hijacking.
-
Bikonja23868y@Gogeta70 anybody can copy paste the URL, even on accident, but spoofing a cookie is always intentional.
-
@Bikonja True, and displaying your cookies in your address bar isn't the most secure practice XD
-
I suppose one way would be to use a flat file database and associate shopping cart data with the user in some way, such as a login id. This has to be implemented carefully and will not perform well with large volumes of data though. You'd be better off using a regular database like MySQL.
-
RTRMS37898yWhen you mfirst met this client, was it in a Faraday cage? Was he wearing a tinfoil hat, constantly looking around, maybe fidgeting, insisting you take a train, a car, 3 busses and a taxi to get to him?
Just wondering if there were any warning signs that he was a lunatic one wrong word away from a 5150. -
sideways2438yyou can always connect to another servers sql if you really want that.
And if you are scared of session hijacking build a secure session registry...
All that really matters is that do you need it real secure, and how likely it is that someone is willing to do all that hacky stuff on that website in the first place.
Not saying that you dont have to code like everyone can get in the backend of the horses ass, but just saying that there's too much thinking going on, just build the damn thing with localstorage, sessions or anothers sql server and be done with it...
It's gone from a simple how do i build a cart with no sql, to who has the biggest balls about certain technologies, sorry for this comment rant, but pisses me off sometimes.
Related Rants
Does anyone know how to create a cart across different pages, keeping track of them without a Database? I'm almost going crazy!
undefined
e-commerce
javascript
project
html