PHP Passing User Through URL / Search Engines

superwormy

I'm in the middle of building a shopping cart app which lets users put things in their shopping cart ( data is store in MySQL ) and the app keeps track of them by assigning them a random user id.

I'm using funky search engine friendly urls to do this, so my links look like this:

href="index.php/user/62623623626"

Which is all find and dandy. BUT I'm worried what will happen when search engines spider my website? The search engine will only be using that one userid. So that means anyone that comes from teh search engine will have that userid also... so people that came from the same search engine would probably be sticking things in other peoples shopping cart and it could get realllllllllly messy...

Any ideas how I could fix this / avoid this problem?

PHPdev

One question...

Why are you storing the shopping cart data in the database, rather in a session variable, and then enter the data in to the db once the purchase is made?

PHPdev

superwormy

Would that help solve my problem? I don't understand... please explain more I don't know anything about Sessions!

I am trying to avoid using Cookies, however I guess I could if I had to. I'd like to pass the UserID through the URL. If I pass sessions through the URL, then I will still end up having bunches of people using the Search Engines Session ID yes?

PHPdev

Sessions are basically a set of global variables which remain in memory as long as the user is on the site. Thus each unique user has thier own set of variables. Meaning you can store the products in their shopping cart while they are browsing the products, instead of storing them in the database. Now one issue with this is that if the user leavs the site and comes back their cart will be empty. If you want to store items in the cart when the user leavs then I sugest using cookies.

With either of these solutions you only need to get a unique uername for each user when they go to finilaize thier purchases. To pull up information such as billing and shipping addresses. Once the purchas is complete you can then enter items in their shopping cart into the database.

There is a tutorial on Session Variables at http://www.trios.org/php/sessions/ and if you search google you can find many more....

Let me know if this helps...

PHPdev

superwormy

Ok... so one thing I don't understand... how do I sustain a certain Session ID across a set of pages?

Do I pass the Session ID through the URL... I see that I don't neccessarily need to use cookies...

But if I still have to pass the Session ID through the URL... then I will still end up the same problem I have now, that there could be multiple users coming from a search engine which will all end up using the same Session ID...

I would prefer to store the cart items in the database, it would make things easier for me given how some other things work.

Thanks!

PHPdev

You dont have to pass the session id at all... That is the nice thing about sessions... The session id is something that the client and server negotiate between each individual session (or time the user opens their browser). These are not per page variables, rather they remain while the user is on your site. The user can even have multiple browsers open and the session variables for your site will remain. Thus if you have several users on your site at once, all comming from the same link on (oh lets say) google, each will have their own set of variables. PHP has a set of functions that will help you handel sessions, just look in the functions list or in the documentation for sessions.

All you would really need is an array to store the product ID, for the items in the users cart.

Hope this helps... Let me know if you need more...

PHPdev

superwormy

Hrm... very cool :-)

I think that'll solve my problem. The PHP manual is confusing in that it says this in it:

Passing the Session ID
There are two methods to propagate a session id:

URL parameter

Which made me think that I needed to pass it from page to page... but if I don't need to... then that'd rock. Now I just gotta figure out how to set and access the things. Thanks dude!

tha_mink

This may help you understand a little more...it is taken from this helpfull sessions article

<?php
  // Initialize a session. This call either creates 
  // a new session or re-establishes an existing one.
  session_start(  );

  // If this is a new session, then the variable
  // $count will not be registered
  if (!session_is_registered("count")) 
  {
    session_register("count");
    session_register("start");

$count = 0;
$start = time(  );
  } 
  else 
  {
    $count++;
  }

  $sessionId = session_id(  );

?>
<!DOCTYPE HTML PUBLIC 
   "-//W3C//DTD HTML 4.0 Transitional//EN"
   "http://www.w3.org/TR/html4/loose.dtd" >
<html>
  <head><title>Sessions</title></head>
  <body>
    <p>This page points at a session 
        (<?=$sessionId?>)
    <br>count = <?=$count?>.
    <br>start = <?=$start?>.
    <p>This session has lasted 
      <?php 
        $duration = time(  ) - $start; 
	echo "$duration"; 
      ?> 
      seconds.
  </body>
</html>

superwormy

How come all these tutorials keep trying to show me how to pass the sesson ID through the URL if you don't need to pass the variable at all to keep track of a session ID...?

Just wondering...?

tha_mink

When you initialize a session, php sends a cookie automatically in the header response. The cookie only contains the $PHPSESSID. It doesn't contain any data you may be storing in the session. If you want to code for users that have cookies disabled you need to pass the session id via the url. This is still no big deal as every session id is different therefore solving your search engine issue. When the spider comes to crawl...it will be assigned a unique session and won't deal with other clients cart contents.

(of course you could use Robots.txt to ask spiders to not crawl "/order.php"....bad robots will disregard it but still...google won't hit it every week.)

So if your cart url is .."/order.php" you can just make it "/order.php?PHPSESSID=$PHPSESSID". If the session is not started (assuming you have session_start() on "/order.php") the server will start a new session with a unique session id otherwise session_start() will resume a existing session.

That said...most people who do any online shopping will accept cookies as it is fairly standard for developers of shopping carts to use em.(even though maybe they shouldn't count on em.)

The beauty of sessions is that they can't be spoofed as easily as the session_id is unique and the data is stored on the server rather than on the client.