
Knowing which cookie to use???

Status
Not open for further replies.

wixsas

Programmer
May 23, 2007
12
AU
Hi, I'm currently writing a shopping cart style program which allows users to log in, purchase songs and then log out with their balance being decremented depending on whether they purchased anything. I have a database called sessions.db which keeps track of their cookie id (a random number), their username, contents that they've purchased and their balance.
At the moment my program creates a cookie if there are none already on the PC and lets them do all the above just fine.
However, if another user logs on, then my if statement says "If there is a cookie on this machine, use those details". Therefore the cookie created by the first user is always used. I'm sure that it has something to do with my if statement and I have to somehow look into the database and say "If there is a cookie on this computer and its value is the same as a cookie id in the database, then use that cookie".

This is the code I have atm. You will see my if statement is "if ($cookie) " which is only looking to see if a cookie is on the pc.

sub set_cookie {

    my $dbh = DBI->connect("DBI:SQLite:sessions.db")
        or die "Cannot connect: " . $DBI::errstr;

    $cookie = $q->cookie('cart_id');

    if ("$cookie") {
        print $q->header;
    } else {
        $cart_id = int(rand 1e9);
        $cookie = $q->cookie( -name    => "cart_id",
                              -value   => "$cart_id",
                              -expires => "+6M" );

        $sth = $dbh->prepare("insert into sessions values (?, ?, 0, 50)") or die "Cannot prepare";
        $sth->execute($cart_id, $username) or die "Cannot execute";
        $sth->finish;

        print $q->header(-cookie=>$cookie);
        $cookie = $cart_id;
    }

}

Is someone able to give me a hand on how to do this, keeping in mind I don't really want to change my code a whole lot?

Cheers everyone
 
So, why don't you just use a DB call to compare their cookie's value with one that exists on the server?

And as a side note, it's generally not a good idea to rely on cookies for a shopping cart, because anybody with a cookie editor (there are plugins for Firefox for editing your cookies, for instance) can change what the cookies read, so e.g. they could change the prices of everything in their cart to $0 if you used the cookies for that.

If the user already has a username, why not make the cookie be based on just that (their username) and be just to see if they're logged in? Then you store the shopping cart on the server side where the user can't edit it, the only cookie the user has is one that has his username on it (you'd want another cookie for the password, or an even more thoroughly encrypted session ID based on the username and/or password), and based on whether he's logged in or not, the site can save and restore the shopping cart from the server-side file.

-------------
Cuvou.com | The NEW Kirsle.net
 
Yeh, I did try that, but because the username is only entered once, as soon as I press a submit button for a form inside the website it resets the $username to null. Which means from then on every time I try to retrieve the cookie value, i.e. $cookie = $q->cookie($username), it can't get to it because $username is now null.

I know there are security flaws but I am not really worried about them at the moment.
I would just like my program to run and, depending on what username is entered, load up the appropriate cookie stored on the PC.

For example, if I logged in as admin then it would create a cookie for admin with a random value and would then create a record in a table with that value, the username, contents and balance. If that user logged out and back in it would retrieve that specific cookie.

Then if another user such as "JIM" logged in, it would create a separate cookie for jim, creating a value and storing his details as a record in the database.

As you can see from my code I am able to do everything except determine which cookie to use, and because I have the if statement of "if ($cookie)" then it is never creating 2 cookies which would be needed for 2 users.

Thanks mate
 
You should use a combination of sessions and cookies. Sessions to store all the data on the server side and a cookie to keep track of your session on the client side.
 
I am storing the sessions in a database on the server side but that is not the issue.
All I want to know is what I can use in that IF statement to check which user the cookie relates to.
 
The sessionid (cartID) is the primary key in the database and the value in the cookie.
 
If you read that tutorial it explains everything... trust me :) Makes the whole cookie/session id stuff easy. Just store your primary key in your session id instead of your cookie.
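
The database check discussed in this thread, as an added example that is not part of any poster's code: the cart_id cookie is reused only when the server has a row for it and that row belongs to the user who just logged in. The function names, the column names, the in-memory database and the use of /dev/urandom in place of rand are assumptions made for the illustration.

```perl
use strict;
use warnings;
use DBI;

# Constructed stand-in for sessions.db; the column names are assumptions.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "", { RaiseError => 1 });
$dbh->do("CREATE TABLE sessions (cart_id TEXT PRIMARY KEY, username TEXT,
                                 contents INTEGER, balance INTEGER)");

# 128-bit id from the OS CSPRNG (assumes a Unix-like host with /dev/urandom).
sub new_cart_id {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $buf, 16) == 16 or die "short read from urandom";
    close $fh;
    return unpack 'H*', $buf;
}

# Returns ($cart_id, $send_cookie). $username must come from a completed login.
sub resolve_session {
    my ($dbh, $cookie_value, $username) = @_;

    # Reuse the browser's cookie only if the server knows that id
    # and the stored row belongs to the user who is logged in now.
    if (defined $cookie_value && $cookie_value =~ /\A[0-9a-f]{32}\z/) {
        my ($owner) = $dbh->selectrow_array(
            "SELECT username FROM sessions WHERE cart_id = ?", undef, $cookie_value);
        return ($cookie_value, 0) if defined $owner && $owner eq $username;
    }

    # Otherwise the cookie is missing, unknown, or another user's. Issue a new id:
    # an existing record keeps its contents and balance, a new user gets a row.
    my $cart_id = new_cart_id();
    my $rows = $dbh->do("UPDATE sessions SET cart_id = ? WHERE username = ?",
                        undef, $cart_id, $username);
    $dbh->do("INSERT INTO sessions VALUES (?, ?, 0, 50)", undef, $cart_id, $username)
        if $rows == 0;    # do() returns "0E0" when no row matched
    return ($cart_id, 1);
}

# Constructed walk-through: two users sharing one browser.
my ($admin_id)     = resolve_session($dbh, undef,     'admin');  # no cookie yet
my ($jim_id)       = resolve_session($dbh, $admin_id, 'JIM');    # admin's cookie, JIM logged in
my ($again, $send) = resolve_session($dbh, $jim_id,   'JIM');    # JIM's own cookie
printf "ids differ: %s, JIM's cookie reused: %s\n",
    ($admin_id ne $jim_id ? 'yes' : 'no'), ($again eq $jim_id && !$send ? 'yes' : 'no');
```

When the second return value is true, the caller sends the new id with $q->cookie(-name => "cart_id", ...) and $q->header(-cookie => $cookie) as in the original set_cookie; otherwise a plain $q->header is enough.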
 