session id uniqueness

jjonje

I am using Session Ids as my shopping cart and order ids because I had thought that Session Ids were unique. For example, when a customer places an item into the cart that item along with the Session Id is stored in a table called 'Carts' and when the customer checks out the Session Id is stored in the 'Orders' table. When I need to check a customers order I select all the carts with the same Session Id as the order.

The problem is that I have had a few different customers that generated the same exact Session Id which screws up everything!

How can I generate a unique Id that will NOT be duplicated by other customers!!!

devinemke

i usually use timestamps for generating unique numbers, this also has the added benefit of seeing exactly when the order was placed.

i might suggest you rethink your logic here. setup 2 tables: "items" and "orders", each with an auto_incrementing integer as the primary key field. collect all the cart items and store them in the session while the user is shopping. then, when the user checks out, insert a new record in your orders table and use mysql_insert_id (assuming your using mySQL) to fetch the order id. then use that to insert multiple entries in the items table that relate back to the common order id. this is a pretty standard way of doing a relational database. you know each order id and item id will be unique because they are auto_incrementing.

jjonje

Thanks Devin. Let me expand a bit on the problem:

I do have two tables that are generating incrementing ids - CARTS and ORDERS. While a customer is shopping each item that they "add to cart" is stored in the CARTS table along with the session id. When a customer views thier shopping cart the items are pulled from the CARTS table dependant on the session id and displayed on the screen. If an item in the CARTS table has the same session id as the current customer but does not belong to the current customer then the current customer deletes the item and it is now lost forever! The item that was deleted belongs to another order!

So my ultimate question is while a customer is shopping and they "add to cart" an item of thier choice, how should that item be stored in the CARTS table so that I can access it along with all the other items that the customer might purchase in a single visit for the final order?

Thanks in advance!

devinemke

well then, why not combine the session_id with the timestamp:

$unique_id = session_id() . '_' . time();

store that in the table to track the order. it's nearly impossible that two users would have the same session_id at the exact same second.

i typically don't store the shopping cart contents in a table at all. i simply store everything in the session until checkout.

jjonje

Thanks again Devin! I am going to use the session id along with a timestamp to track everything.

With the site I am working on it would be very hard to store all the shopping cart info in the session. The products themselves are being custom built by the customers and have a lot of different variables.

laserlight

Actually, the session id should be unique, otherwise multiple users would be sharing the same session, but then if one session no longer exists another could use the same session id.
Still seems a little strange though, but either way using an auto increment primary key column is better.

That said, you could give this a try for unique ids:

$token = sha1(uniqid(mt_rand(), true));

jjonje

Laserlight,
Using your unique id generator:

$token = sha1(uniqid(mt_rand(), true));

I know what the mt_rand function is but what is the "sha1" and the "uniqid".

laserlight

Read the PHP Manual:

[man]sha1/man
[man]uniqid/man

ahundiak

Better recheck your code. The value returned by session_id() will always be unique (as laserlight said). Fooling around with unique and what not will not help.

Weedpacket

And attaching the timestamp won't make any difference either: PHP's default session id generator already uses the current time (to the microsecond).

jjonje

What I ended up doing, for now any way, is use the session id and a session variable 'shoppingDate' that is generated from the time() fuction to keep track of the customers orders. If the customer does place the order then the session id and the shoppingDate variable are stored with some other data in the Orders table. Then to access all the items in a particular order I use a select statement that selects any items in the Carts table that match the session id AND the shoppingDate variable.

This should work for the time being as a 'quick fix' until I rework some things.