I am working on an e-merce website. When the user is not logged into my website and clicks on "Buy Now" button, I want to store this information into the cookie as well as in the database. The table for the shopping cart looks like

SHOPPING_CART 
(
     sessionid   int(10), 
     itemid      int(10), 
     quantity    tinyint(10) unsigned
     date_added  datetime
);

Primary key is: (sessionid, itemid)

When the user closes the browser then also the shopping cart items should be preserved. Now my question is the following:

1. When the user is not logged into my website, on what basis I should identify the user?
2. Should I store the information using the IP address? If yes then HOW? In this case sessionid in the above mentioned table would be the IP address of the user. Right?
3. Should I create a temporary session for each and every user who visits my website and then store the information? If yes then HOW?
4. How can the shopping cart items be preserved even when the user closes the browser window? Should I retrieve from database or cookie?
5. Any other better method to store and retrieval of the information?

Note1: I can use plenty of Shopping Cart softwares/codes/libraries available. But I want to know: How to identify the user? And storing/retrieval of data.

Note2: The price of each item, ordering, shipping information all are stored in different tables.

I am working on an e-merce website. When the user is not logged into my website and clicks on "Buy Now" button, I want to store this information into the cookie as well as in the database. The table for the shopping cart looks like

SHOPPING_CART 
(
     sessionid   int(10), 
     itemid      int(10), 
     quantity    tinyint(10) unsigned
     date_added  datetime
);

Primary key is: (sessionid, itemid)

When the user closes the browser then also the shopping cart items should be preserved. Now my question is the following:

1. When the user is not logged into my website, on what basis I should identify the user?
2. Should I store the information using the IP address? If yes then HOW? In this case sessionid in the above mentioned table would be the IP address of the user. Right?
3. Should I create a temporary session for each and every user who visits my website and then store the information? If yes then HOW?
4. How can the shopping cart items be preserved even when the user closes the browser window? Should I retrieve from database or cookie?
5. Any other better method to store and retrieval of the information?

Note1: I can use plenty of Shopping Cart softwares/codes/libraries available. But I want to know: How to identify the user? And storing/retrieval of data.

Note2: The price of each item, ordering, shipping information all are stored in different tables.

• php
• javascript
• mysql
• session

2 Answers 2

1. All you can do is create a unique fake identity for the user
2. No. Multiple users may have the same IP address, and a single user may change its IP address
3. Yes. PHP will create a session for you as soon as you ask to start a session. You must associate an identity with this session. Just use a random number, or a UUID generator, or something like that to generate something unique and not easily guessable. Then store the identity in a cookie so that when the user es back some time later, you can re-associate his identity with the new session.
4. I would just store the identity in the cookie. A cookie only holds a small amount of information, and may be modified by the user without you knowing it.
5. If the users don't log in, I don't see any other way.

the only thing you have to do is set the sessionid into a client-cookie. if a customer returns and presents a sessionid cookie you update your cart table with his new sessionid (and set the new sessionid in the cookie).

1. session (that's what it is for)
2. no
3. 'temporary session'?
4. the cart is in the database
5. better in what sense? secure? robust? user friendly?