SESSION MANAGEMENT AND SHOPSITE INTEGRATION
Posted: Fri Sep 17, 2004 11:01 pm
I wrote an Order API script, which captures information about my customers
member id along with the details of their completed purchase. The script
then goes on to update my site's database. The customer member id is from
my site, not part of the Shopsite Customer Registration process, which I
have disabled as explained at the bottom of my post below.
My existing web site was around before I added on the Shopsite capabilities.
My site is powered by PHP and a postgresql database.
My site already uses sessions with cookies to pass information about a
logged in customer from page to page and update the appropriate database
records based on their actions.
I am not sure if Shopsite uses sessions along with the cookies to keep user
identity straight from page to page.
When my OrderApi script called session_start(), and I echo my website
variables (user id, login session number, etc), they are empty. However, I
go back to my site and see that the variables still exist and are not empty.
So I postulated that my Order API script was starting another session for
some unknown reason or it was perhaps confused with a Shopsite session. I
went back to my own site and decided to name every session by calling
session_id("name"). I also call this named session in my Order API script.
From that point, it seemed to work like a champ. When I log in a test user
on my site and make a purchase with Shopsite, I can now update the right
user's records in my database with all the purchase info.
I knew it was too easy! Now what happens is that every test person who logs
into my site accessess the same session cookie on my server because they are
all using the same session name called by session_id(). The naming of the
session is transparent to the user.
Perhaps if I understood how Shopsite handled sessions (if they do) I will be
able to figure out how to get the Order API script working without having to
name my site's sessions. When you don't name the session, php
session_start() creates a random filename for the server side cookie, which
holds the session variables. Although there are several ways to associate
this server cookie with the browsing session, I am using cookies. The
cookie stored on my client only stores the session name which is the name of
the server side session file.
Alternatively, I was thinking about other ways to propagate the session
variables to the Order API script. I thought I could do this with a
form-type POST, but I think it can only be passed file to file. So it seems
I could pass the variables to the shopping cart, but from that point on I
don't think I can pass them to the billing screen, then to my script called
by the Order API etc. Perhaps I could embed the posting in the custom
pages, but I am not sure.
I realize Shopsite has it's own customer registration routine, but I do not
want to use it for the following reasons:
- my customers already have to log in to access the rest of my site.
- my database was developed around my site's membership info
- I can't connct directly to the shopsite database and use the information
located there in real time.
- I don't want to have my users log in twice. It woud be inconvenient and,
more seriously, they might not use the same login info as they did for my
site.
I would appreciate any comments anyone might have.
Tom
member id along with the details of their completed purchase. The script
then goes on to update my site's database. The customer member id is from
my site, not part of the Shopsite Customer Registration process, which I
have disabled as explained at the bottom of my post below.
My existing web site was around before I added on the Shopsite capabilities.
My site is powered by PHP and a postgresql database.
My site already uses sessions with cookies to pass information about a
logged in customer from page to page and update the appropriate database
records based on their actions.
I am not sure if Shopsite uses sessions along with the cookies to keep user
identity straight from page to page.
When my OrderApi script called session_start(), and I echo my website
variables (user id, login session number, etc), they are empty. However, I
go back to my site and see that the variables still exist and are not empty.
So I postulated that my Order API script was starting another session for
some unknown reason or it was perhaps confused with a Shopsite session. I
went back to my own site and decided to name every session by calling
session_id("name"). I also call this named session in my Order API script.
From that point, it seemed to work like a champ. When I log in a test user
on my site and make a purchase with Shopsite, I can now update the right
user's records in my database with all the purchase info.
I knew it was too easy! Now what happens is that every test person who logs
into my site accessess the same session cookie on my server because they are
all using the same session name called by session_id(). The naming of the
session is transparent to the user.
Perhaps if I understood how Shopsite handled sessions (if they do) I will be
able to figure out how to get the Order API script working without having to
name my site's sessions. When you don't name the session, php
session_start() creates a random filename for the server side cookie, which
holds the session variables. Although there are several ways to associate
this server cookie with the browsing session, I am using cookies. The
cookie stored on my client only stores the session name which is the name of
the server side session file.
Alternatively, I was thinking about other ways to propagate the session
variables to the Order API script. I thought I could do this with a
form-type POST, but I think it can only be passed file to file. So it seems
I could pass the variables to the shopping cart, but from that point on I
don't think I can pass them to the billing screen, then to my script called
by the Order API etc. Perhaps I could embed the posting in the custom
pages, but I am not sure.
I realize Shopsite has it's own customer registration routine, but I do not
want to use it for the following reasons:
- my customers already have to log in to access the rest of my site.
- my database was developed around my site's membership info
- I can't connct directly to the shopsite database and use the information
located there in real time.
- I don't want to have my users log in twice. It woud be inconvenient and,
more seriously, they might not use the same login info as they did for my
site.
I would appreciate any comments anyone might have.
Tom