[pmwiki-devel] ZAPcart question...

The Editor editor at fast.st
Tue Mar 20 12:50:22 CDT 2007


On 3/20/07, Ben Stallings <ben at interdependentweb.com> wrote:
> Dan wrote,
> > In ZAPcart, the shopping cart stores their order information in a wiki
> > page connected to their authid.  However, I don't want to require
> > users to create a full-fledged members account to use the store.  So
> > I'm thinking I would log them in under a temporary AuthId keyed to
> > some 10 digit random number or maybe Guest131224232.
>
> I suggest using the session ID.  Since ZAP uses cookies extensively,
> anybody who's using ZAPcart will have a session ID, which is
> sufficiently long and random for your purposes, and has the added
> benefit of expiring along with the cookie.  print_r($_SESSION) to see
> it.  --Ben

This is a great idea, and would save me some trouble.  No need to
login, etc.  In fact, this way the store could operate regardless of
your authentication scheme...  However, printing out $_SESSION just
gives me the session array, and there's no ID in it as far as I can
tell...

Ahh, I think I might use strtoupper(substr(session_id(), 0, 12)) or
something similar for the order data.  Or maybe combine with a
timestamp so there's no chance of duplicates...

Couple quick questions.
1)  Each user gets assigned a unique session_ide when the visit the site?
2)  Is there anything that might cause that number to be changed?
3)  What about login/logout.  Will it change anything?

I don't want multiple users having the same number of course, and I
don't want their data lost somewhere along the way either.  Of course
if I use a timestamp, everything goes caput at midnight...  Like
Cinderella.

Anyway, this was a great idea. Thanks Ben!

Cheers,
Dan



More information about the pmwiki-devel mailing list