Saving IP Address and Browser user agent -- make it stop?

This is an archive of old posting to the User Forum

Saving IP Address and Browser user agent -- make it stop?

Postby Eddie Caplan » Wed Jan 14, 2004 9:09 pm

I'm using ShopSite v7 Pro.

It is my understanding that ShopSite saves the customer's IP Address
and Browser User Agent variable. These are saved on the server and not
in cookies, all in an attempt to support users who have cookies turned
off.

The shopping cart's contents, before the customer has checked out
completely, are saved on the server (and not in a cookie) using this
information.

But the problem is that if a group of users is on a local LAN behind a
router, then they will all have the same IP address. If they are in
any kind of organization that maintains some consistency of their
people's desktop environment, then many of them will have the same
browser. Thus, all of these users will appear to be the same user!

Even in my home network, where everything is networked behind our DSL
modem, two of the machines appear to be identical. I started adding
things to the shopping cart on one machine, and those items appeared in
the shopping cart on the other machine!

Were this some kind of an institution that had dozens, hundreds, or
thousands of people all behind a single IP address, the situation would
be intolerable. My client is ready to bail out of ShopSite because of
this one point. He expects to make a number of sales to institutions
that (we hope and expect) would have several people making orders at
the same time.

So, finally, my questions:

1. Is there any way to make ShopSite stop using this info, since the
data it collects is clearly not unique. (We'll accept the losses from
people who have cookies turned off, or, perhaps we'll warn such users
of the risks).

2. Is there any workaround?

3. Why (my client is looking over my shoulder as I write this) do
ShopSite's merchants put up with this? Surely someone besides us has
discovered this problem before.

Thanks in advance,
Eddie
Eddie Caplan
 

Re: Saving IP Address and Browser user agent -- make it stop

Postby loren_d_c » Wed Jan 14, 2004 11:15 pm

Your understanding is only partially correct. ShopSite will FIRST
attempt to set a cookie that contains a unique number that will identify
the particular shopper with their shopping cart file on the server.
Only if cookies are disabled (and the numbers of internet shoppers that
disable cookies are probably statistically pretty small, although I
don't have the numbers handy) will ShopSite revert to IP tracking, or a
combination of IP and User Agent tracking as you mention.

The likelihood of a real-world situation where multiple shoppers are
browsing the same store with cookies off and from behind the same IP is
going to be pretty small, in fact I have never heard of that situation
being encountered by actual shoppers (and I don't say this lightly,
there are some very high volume sites using ShopSite, x10.com (yeah,
those annoying pop-up ad guys) being one of the biggest examples). It
may occur on multiple computers in your office, but you are in a
somewhat unique situation as a developer of the site.

You can further decrease the likelihood by changing the setting in
Commerce Setup -> Order System -> Shopping Cart (ShopSite Pro only) for
the number of days to keep unfinished cart to a lower number (the
default is 7 days, minimum allowed is 1 day) so that uncompleted
shopping cart files will be cleaned up more often, further decreasing
the chances that a shopper with cookies off would encounter the cart of
someone else with cookies off who has the same IP address.

If you expect to do business with specific companies that might have a
problem with this method, you could either notify these companies that
they should enable cookies in their browsers (if they aren't already),
or perhaps you can even put a JavaScript check for cookies on the
shopping cart screen that tells people they might want to enable
cookies. If I were you I would not bother your shoppers with this unless
the issue is brought up by actual shoppers. If you still have concerns,
I would recommend talking to your host, who also hosts hundreds of other
ShopSite's.

-Loren



Eddie Caplan wrote:
I'm using ShopSite v7 Pro.

It is my understanding that ShopSite saves the customer's IP Address
and Browser User Agent variable. These are saved on the server and not
in cookies, all in an attempt to support users who have cookies turned
off.

The shopping cart's contents, before the customer has checked out
completely, are saved on the server (and not in a cookie) using this
information.

But the problem is that if a group of users is on a local LAN behind a
router, then they will all have the same IP address. If they are in
any kind of organization that maintains some consistency of their
people's desktop environment, then many of them will have the same
browser. Thus, all of these users will appear to be the same user!

Even in my home network, where everything is networked behind our DSL
modem, two of the machines appear to be identical. I started adding
things to the shopping cart on one machine, and those items appeared in
the shopping cart on the other machine!

Were this some kind of an institution that had dozens, hundreds, or
thousands of people all behind a single IP address, the situation would
be intolerable. My client is ready to bail out of ShopSite because of
this one point. He expects to make a number of sales to institutions
that (we hope and expect) would have several people making orders at
the same time.

So, finally, my questions:

1. Is there any way to make ShopSite stop using this info, since the
data it collects is clearly not unique. (We'll accept the losses from
people who have cookies turned off, or, perhaps we'll warn such users
of the risks).

2. Is there any workaround?

3. Why (my client is looking over my shoulder as I write this) do
ShopSite's merchants put up with this? Surely someone besides us has
discovered this problem before.

Thanks in advance,
Eddie
loren_d_c
 
Posts: 2571
Joined: Fri Aug 04, 2006 12:02 pm
Location: Anywhere

Re: Saving IP Address and Browser user agent -- make it stop

Postby Eddie Caplan » Thu Jan 15, 2004 6:39 am

Loren,

Thank you for your detailed and intelligent reply. But something must be
wrong, because on my machines at home I encountered the problem of mixed
shopping carts, and I DO have cookies enabled on both machines.

These machines are Macintosh, running Mac OS 8.6, using Microsoft Internet
Explorer v5.0. We have a DSL modem with a dynamically assigned IP address
from our ISP. Also in our configuration is an Apple Airport Extreme, which
acts as an internal router.

The store is ShopSite Pro v7.

Thank you for any help you can give,
Eddie



in article bu57le$v6a$1@support.shopsite.com, Loren at loren_d_c@yahoo.com
wrote on 1/14/2004 11:15 PM:

Your understanding is only partially correct. ShopSite will FIRST
attempt to set a cookie that contains a unique number that will identify
the particular shopper with their shopping cart file on the server.
Only if cookies are disabled (and the numbers of internet shoppers that
disable cookies are probably statistically pretty small, although I
don't have the numbers handy) will ShopSite revert to IP tracking, or a
combination of IP and User Agent tracking as you mention.

The likelihood of a real-world situation where multiple shoppers are
browsing the same store with cookies off and from behind the same IP is
going to be pretty small, in fact I have never heard of that situation
being encountered by actual shoppers (and I don't say this lightly,
there are some very high volume sites using ShopSite, x10.com (yeah,
those annoying pop-up ad guys) being one of the biggest examples). It
may occur on multiple computers in your office, but you are in a
somewhat unique situation as a developer of the site.

You can further decrease the likelihood by changing the setting in
Commerce Setup -> Order System -> Shopping Cart (ShopSite Pro only) for
the number of days to keep unfinished cart to a lower number (the
default is 7 days, minimum allowed is 1 day) so that uncompleted
shopping cart files will be cleaned up more often, further decreasing
the chances that a shopper with cookies off would encounter the cart of
someone else with cookies off who has the same IP address.

If you expect to do business with specific companies that might have a
problem with this method, you could either notify these companies that
they should enable cookies in their browsers (if they aren't already),
or perhaps you can even put a JavaScript check for cookies on the
shopping cart screen that tells people they might want to enable
cookies. If I were you I would not bother your shoppers with this unless
the issue is brought up by actual shoppers. If you still have concerns,
I would recommend talking to your host, who also hosts hundreds of other
ShopSite's.

-Loren



Eddie Caplan wrote:
I'm using ShopSite v7 Pro.

It is my understanding that ShopSite saves the customer's IP Address
and Browser User Agent variable. These are saved on the server and not
in cookies, all in an attempt to support users who have cookies turned
off.

The shopping cart's contents, before the customer has checked out
completely, are saved on the server (and not in a cookie) using this
information.

But the problem is that if a group of users is on a local LAN behind a
router, then they will all have the same IP address. If they are in
any kind of organization that maintains some consistency of their
people's desktop environment, then many of them will have the same
browser. Thus, all of these users will appear to be the same user!

Even in my home network, where everything is networked behind our DSL
modem, two of the machines appear to be identical. I started adding
things to the shopping cart on one machine, and those items appeared in
the shopping cart on the other machine!

Were this some kind of an institution that had dozens, hundreds, or
thousands of people all behind a single IP address, the situation would
be intolerable. My client is ready to bail out of ShopSite because of
this one point. He expects to make a number of sales to institutions
that (we hope and expect) would have several people making orders at
the same time.

So, finally, my questions:

1. Is there any way to make ShopSite stop using this info, since the
data it collects is clearly not unique. (We'll accept the losses from
people who have cookies turned off, or, perhaps we'll warn such users
of the risks).

2. Is there any workaround?

3. Why (my client is looking over my shoulder as I write this) do
ShopSite's merchants put up with this? Surely someone besides us has
discovered this problem before.

Thanks in advance,
Eddie
Eddie Caplan
 

Re: Saving IP Address and Browser user agent -- make it stop

Postby Norman » Thu Jan 15, 2004 12:07 pm

I don't use Macintosh so this may not help. However, in the world of
windows both the web browser and firewall have separate settings. Either
can be configured to block cookies so I would check to see if both are
allowing cookies.

Norman
1 Ocean Boulevard
http://www.web8.com/ocean


"Eddie Caplan" <eddiec@stararcher.com> wrote in message
news:BC2BE63E.78%eddiec@stararcher.com...
Loren,

Thank you for your detailed and intelligent reply. But something must be
wrong, because on my machines at home I encountered the problem of mixed
shopping carts, and I DO have cookies enabled on both machines.

These machines are Macintosh, running Mac OS 8.6, using Microsoft Internet
Explorer v5.0. We have a DSL modem with a dynamically assigned IP address
from our ISP. Also in our configuration is an Apple Airport Extreme,
which
acts as an internal router.

The store is ShopSite Pro v7.

Thank you for any help you can give,
Eddie



in article bu57le$v6a$1@support.shopsite.com, Loren at loren_d_c@yahoo.com
wrote on 1/14/2004 11:15 PM:

Your understanding is only partially correct. ShopSite will FIRST
attempt to set a cookie that contains a unique number that will identify
the particular shopper with their shopping cart file on the server.
Only if cookies are disabled (and the numbers of internet shoppers that
disable cookies are probably statistically pretty small, although I
don't have the numbers handy) will ShopSite revert to IP tracking, or a
combination of IP and User Agent tracking as you mention.

The likelihood of a real-world situation where multiple shoppers are
browsing the same store with cookies off and from behind the same IP is
going to be pretty small, in fact I have never heard of that situation
being encountered by actual shoppers (and I don't say this lightly,
there are some very high volume sites using ShopSite, x10.com (yeah,
those annoying pop-up ad guys) being one of the biggest examples). It
may occur on multiple computers in your office, but you are in a
somewhat unique situation as a developer of the site.

You can further decrease the likelihood by changing the setting in
Commerce Setup -> Order System -> Shopping Cart (ShopSite Pro only) for
the number of days to keep unfinished cart to a lower number (the
default is 7 days, minimum allowed is 1 day) so that uncompleted
shopping cart files will be cleaned up more often, further decreasing
the chances that a shopper with cookies off would encounter the cart of
someone else with cookies off who has the same IP address.

If you expect to do business with specific companies that might have a
problem with this method, you could either notify these companies that
they should enable cookies in their browsers (if they aren't already),
or perhaps you can even put a JavaScript check for cookies on the
shopping cart screen that tells people they might want to enable
cookies. If I were you I would not bother your shoppers with this unless
the issue is brought up by actual shoppers. If you still have concerns,
I would recommend talking to your host, who also hosts hundreds of other
ShopSite's.

-Loren



Eddie Caplan wrote:
I'm using ShopSite v7 Pro.

It is my understanding that ShopSite saves the customer's IP Address
and Browser User Agent variable. These are saved on the server and not
in cookies, all in an attempt to support users who have cookies turned
off.

The shopping cart's contents, before the customer has checked out
completely, are saved on the server (and not in a cookie) using this
information.

But the problem is that if a group of users is on a local LAN behind a
router, then they will all have the same IP address. If they are in
any kind of organization that maintains some consistency of their
people's desktop environment, then many of them will have the same
browser. Thus, all of these users will appear to be the same user!

Even in my home network, where everything is networked behind our DSL
modem, two of the machines appear to be identical. I started adding
things to the shopping cart on one machine, and those items appeared in
the shopping cart on the other machine!

Were this some kind of an institution that had dozens, hundreds, or
thousands of people all behind a single IP address, the situation would
be intolerable. My client is ready to bail out of ShopSite because of
this one point. He expects to make a number of sales to institutions
that (we hope and expect) would have several people making orders at
the same time.

So, finally, my questions:

1. Is there any way to make ShopSite stop using this info, since the
data it collects is clearly not unique. (We'll accept the losses from
people who have cookies turned off, or, perhaps we'll warn such users
of the risks).

2. Is there any workaround?

3. Why (my client is looking over my shoulder as I write this) do
ShopSite's merchants put up with this? Surely someone besides us has
discovered this problem before.

Thanks in advance,
Eddie

Norman
 

Re: Saving IP Address and Browser user agent -- make it stop

Postby Eddie Caplan » Thu Jan 15, 2004 12:21 pm

Interesting. My Macs' browsers have the ShopSite cookies in their
cookie lists. Would blocked cookies make it inbound to the browser but
be blocked from being sent outbound?

BTW, the names of the cookies on both Macs have the same names and
contents:

name: ss_cart_0001144687
content: |linecnt:2|qntytotal:2 <... etc ...>

name: ss_return_info
content: tax:-1|zip:none <... etc ...>

Is there any significance that the cookies have the same name? Or does
that have no bearing on any of this?

Thanks for everybody's help,
Eddie



In article <bu6kt1$dcc$1@support.shopsite.com>, Norman <Shop@web8.com>
wrote:

I don't use Macintosh so this may not help. However, in the world of
windows both the web browser and firewall have separate settings. Either
can be configured to block cookies so I would check to see if both are
allowing cookies.

Norman
1 Ocean Boulevard
http://www.web8.com/ocean


"Eddie Caplan" <eddiec@stararcher.com> wrote in message
news:BC2BE63E.78%eddiec@stararcher.com...
Loren,

Thank you for your detailed and intelligent reply. But something must be
wrong, because on my machines at home I encountered the problem of mixed
shopping carts, and I DO have cookies enabled on both machines.
Eddie Caplan
 

Re: Saving IP Address and Browser user agent -- make it stop

Postby Eddie Caplan » Thu Jan 15, 2004 12:34 pm

I should also point out that, as far as I know, I have had no
cookie-related trouble from either of these machines at other sites.


In article <150120041221470685%eddiec_NOSPAM@NOSPAM_stararcher.com>,
Eddie Caplan <eddiec_NOSPAM@NOSPAM_stararcher.com> wrote:

Interesting. My Macs' browsers have the ShopSite cookies in their
cookie lists. Would blocked cookies make it inbound to the browser but
be blocked from being sent outbound?

BTW, the names of the cookies on both Macs have the same names and
contents:

name: ss_cart_0001144687
content: |linecnt:2|qntytotal:2 <... etc ...

name: ss_return_info
content: tax:-1|zip:none <... etc ...

Is there any significance that the cookies have the same name? Or does
that have no bearing on any of this?

Thanks for everybody's help,
Eddie



In article <bu6kt1$dcc$1@support.shopsite.com>, Norman <Shop@web8.com
wrote:

I don't use Macintosh so this may not help. However, in the world of
windows both the web browser and firewall have separate settings. Either
can be configured to block cookies so I would check to see if both are
allowing cookies.

Norman
1 Ocean Boulevard
http://www.web8.com/ocean


"Eddie Caplan" <eddiec@stararcher.com> wrote in message
news:BC2BE63E.78%eddiec@stararcher.com...
Loren,

Thank you for your detailed and intelligent reply. But something must be
wrong, because on my machines at home I encountered the problem of mixed
shopping carts, and I DO have cookies enabled on both machines.
Eddie Caplan
 

Re: Saving IP Address and Browser user agent -- make it stop

Postby Norman » Thu Jan 15, 2004 3:03 pm

The problem is not the one that I mentioned then. Someone with knowledge
about how cookies function on a Mac and in detail using ShopSite will have
to pick up here.

Norman
1 Ocean Boulevard
http://www.web8.com/ocean

"Eddie Caplan" <eddiec_NOSPAM@NOSPAM_stararcher.com> wrote in message
news:150120041234155570%eddiec_NOSPAM@NOSPAM_stararcher.com...
I should also point out that, as far as I know, I have had no
cookie-related trouble from either of these machines at other sites.


In article <150120041221470685%eddiec_NOSPAM@NOSPAM_stararcher.com>,
Eddie Caplan <eddiec_NOSPAM@NOSPAM_stararcher.com> wrote:

Interesting. My Macs' browsers have the ShopSite cookies in their
cookie lists. Would blocked cookies make it inbound to the browser but
be blocked from being sent outbound?

BTW, the names of the cookies on both Macs have the same names and
contents:

name: ss_cart_0001144687
content: |linecnt:2|qntytotal:2 <... etc ...

name: ss_return_info
content: tax:-1|zip:none <... etc ...

Is there any significance that the cookies have the same name? Or does
that have no bearing on any of this?

Thanks for everybody's help,
Eddie



In article <bu6kt1$dcc$1@support.shopsite.com>, Norman <Shop@web8.com
wrote:

I don't use Macintosh so this may not help. However, in the
world of
windows both the web browser and firewall have separate settings.
Either
can be configured to block cookies so I would check to see if both are
allowing cookies.

Norman
1 Ocean Boulevard
http://www.web8.com/ocean


"Eddie Caplan" <eddiec@stararcher.com> wrote in message
news:BC2BE63E.78%eddiec@stararcher.com...
Loren,

Thank you for your detailed and intelligent reply. But something
must be
wrong, because on my machines at home I encountered the problem of
mixed
shopping carts, and I DO have cookies enabled on both machines.
Norman
 

Re: Saving IP Address and Browser user agent -- make it stop

Postby Eddie Caplan » Thu Jan 15, 2004 5:54 pm

Following up on whether or not my cookies are being blocked or not, and
other suggestions, I've done the following:

1) I wrote a Javascript program to set and read cookies, and installed
it on our store's server. (Source code is below).

2) I deleted all the cookies, cleared the caches, and deleted the
History from both machines' browsers.

3) I ran the cookie-test program on both machines and they are happily
writing and reading cookies. It works just fine.

4) I removed my customized Shopping Cart template, and removed the
customizations from Commerce Setup-> Customize Ordering System->
Shopping Cart page.

5) I AGAIN deleted all the cookies, cleared the caches, and deleted the
History from both machines' browsers.

6) ShopSite is still having the problem of mixing the contents of the
shopping carts on the two machines.

7) SOMETHING I HADN"T NOTICED BEFORE: I'm getting Javascript errors in
the shopping cart page when I press the "Recalculate" button:

Line: 66 (the line number changes, depending on how
many items I have in the shopping cart)
Char: 3
Error: "undefined" is undefined

Line 66 (and the following few lines) are:

if ((document.order.coupon_code != undefined) && (button ==
"152")) {
if (document.order.coupon_code.value == "") {
alert("Please fill in " + "Coupon code:");

========================================
Here is the source code for my cookie test program:
========================================
<html>
<head>
<title>Cookie Test</title>
<meta name="Author" content="Eddie Caplan; Star Archer
Incorporated">

<script language="JavaScript" type="text/javascript">
<!--
function setCookie(name, value, expires) {
document.cookie = escape(name) + "=" + escape(value) +
"; path=/" +
((expires == null) ? "" : "; expires=" +
expires.toGMTString());
}

function getCookie(name) {
var cookiename = name + "=";
var dc = document.cookie;
var begin, end;

if (dc.length > 0) {
begin = dc.indexOf(cookiename);
if (begin != -1) {
begin += cookiename.length;
end = dc.indexOf(";", begin);
if (end == -1) {
end = dc.length;
}
return unescape(dc.substring(begin, end));
}
}
return null;
}

function deleteCookie(name) {
document.cookie = name + "=; expires=Thu, 01-Jan-70
00:00:01 GMT" + "; path=/";
}
//-->
</script>
</head>


<body>
<script language="JavaScript" type="text/javascript">
<!--
var cookieName = "saCookieTest";
var cookieExpire = new Date();

// this function will set the cookie when the user fills in
the text box and hits "Submit"
function processForm(form) {
cookieExpire.setTime(cookieExpire.getTime() + (60 * 60
* 1000)); // cookie expires in one hour
setCookie(cookieName, form.thestring.value,
cookieExpire);
}

if (getCookie(cookieName) != null) {
document.write('Hm... it seems you have one of my
cookies: ' + getCookie(cookieName) + '<br><br>');
document.write('<form onSubmit="deleteCookie(\'' +
cookieName + '\');">');
document.write(' <input type="submit" value="Forget
The String">');
document.write('</form>');
} else {
document.write('<div align="left"');
document.write(' style="border-left: 2px solid
#00CC66;');
document.write(' border-right: 2px solid
#00CC66;');
document.write(' border-top: 2px solid
#00CC66;');
document.write(' border-bottom: 2px solid
#00CC66;');
document.write(' padding: 10px;');
document.write(' width: 300px;">');
document.write('I do not seem to know you.<br><br>');
document.write('<form name="cookieform"
onSubmit="processForm(this);">');
document.write(' Give me a cookie string:<br>');
document.write(' <input type="text"
name="thestring"><br>');
document.write(' <input type="submit" value="Save
The String">');
document.write('</form>');
document.write('</div>');
}
//-->
</script>
</body>
</html>
Eddie Caplan
 

Re: Saving IP Address and Browser user agent -- make it stop

Postby Eddie Caplan » Fri Jan 16, 2004 9:37 pm

SOLVED!

For everyone who has been following my saga, this mystery has been
solved. Many thanks to the support crew at LexiConn, my ShopSite and
eCommerce hosting provider. They have been terrific.

The problem turned out to be my "bright idea" to popup a new window
whenever the user viewed, or added anything to, the shopping cart.
When they "returned to the store", I would simply close the window. I
did this because I liked the separation of the Store from the rest of
our site, which has lots of other components to it besides selling.

This popup was, apparently, confusing the store's cookie management.

I rewrote the site to stop the popup and everything is fine now. Well,
almost. I'm still getting the Javascript error I mentioned when the
user clicks on the "Recalculate" button, but that is a footnote as this
point. And, I'd still prefer to have the popup. So if ShopSite is
listening, please think about it.

Again, thanks to LexiConn and to Loren and Norman. If you ever find
yourself in Fairfield Iowa, stop by and I'll buy you a cuppa. After
the caucuses.

Eddie


In article <140120042109024187%eddiec_NOSPAM@NOSPAM_stararcher.com>,
Eddie Caplan <eddiec_NOSPAM@NOSPAM_stararcher.com> wrote:

I'm using ShopSite v7 Pro.

It is my understanding that ShopSite saves the customer's IP Address
and Browser User Agent variable. These are saved on the server and not
in cookies, all in an attempt to support users who have cookies turned
off.

The shopping cart's contents, before the customer has checked out
completely, are saved on the server (and not in a cookie) using this
information.

But the problem is that if a group of users is on a local LAN behind a
router, then they will all have the same IP address. If they are in
any kind of organization that maintains some consistency of their
people's desktop environment, then many of them will have the same
browser. Thus, all of these users will appear to be the same user!

Even in my home network, where everything is networked behind our DSL
modem, two of the machines appear to be identical. I started adding
things to the shopping cart on one machine, and those items appeared in
the shopping cart on the other machine!

Were this some kind of an institution that had dozens, hundreds, or
thousands of people all behind a single IP address, the situation would
be intolerable. My client is ready to bail out of ShopSite because of
this one point. He expects to make a number of sales to institutions
that (we hope and expect) would have several people making orders at
the same time.

So, finally, my questions:

1. Is there any way to make ShopSite stop using this info, since the
data it collects is clearly not unique. (We'll accept the losses from
people who have cookies turned off, or, perhaps we'll warn such users
of the risks).

2. Is there any workaround?

3. Why (my client is looking over my shoulder as I write this) do
ShopSite's merchants put up with this? Surely someone besides us has
discovered this problem before.

Thanks in advance,
Eddie
Eddie Caplan
 


Return to User Forum Archive

Who is online

Users browsing this forum: No registered users and 76 guests