[ic] displaying a users basket to an external script

Ed LaFrance interchange-users@icdevgroup.org
Fri Oct 18 11:31:03 2002 

At 10:04 AM 10/18/2002 +0100, you wrote:
>Hi - i need to be able to show the contents of a users basket to a script 
>that is called from another website. The idea is that users ariving on 
>this "portal" website will be able to shop on our site among others. our 
>site will be loaded in a frame and a paramater will be passed to us via a 
>http GET to identify that the user is browsing from this portal site. when 
>the user reaches the checkout our site will call a script on the portal 
>site which will in turn call a script on our site to display the basket in 
>a specified xml format for them to parse.
>
>The issue then is identifying the correct basket and doing it in as secure 
>a manner as possible. The way that springs to mind is to use the session 
>id to identify the correct basket. we could then pass the session id to 
>their script and when they passed it back to us we could display the 
>correct basket.
>
>Now my understanding of how interchange handles sessions is poor at best.

Well, that's something you'll need to brush up on if you plan to do this :-)

>  i believe it either maintains the session by appending an id string to 
> each URL or by cookies. Could i use this id string to load up the same 
> session from another ip address (the portal site in this case)? Can i get 
> this string by using [read-cookie]? ie is the string stored in the cookie 
> the same as the id string appended to the URL?

I don't think cookies are going to come into play much here. You can get 
the same user session from different remote IP's by passing the session ID 
in the URL and having WideOpen set to Yes in interchange.cfg. It does 
degrade security, and I can tell you from experience that programming 
things like this is a pain in the *ss.

- Ed L.



>I read this post: 
>http://www.icdevgroup.org/pipermail/interchange-users/2000-October/001375.html 
>which seems to be along the same lines as what i'm trying to do but it 
>doesn't go into the details of handling the session.
>
>Is what i'm suggestion a bad way to do things? If so - what might be a 
>good idea? If not - how would i actually go about implementing it? Am i 
>working along the right lines now?
>
>Any advice would be appreciated
>
>thanks
>
>John
>
>
>_______________________________________________
>interchange-users mailing list
>interchange-users@icdevgroup.org
>http://www.icdevgroup.org/mailman/listinfo/interchange-users

===============================================================
New Media E.M.S.              Technology Solutions for Business
463 Main St., Suite D         eCommerce | Consulting | Hosting
Placerville, CA  95667        edl@newmediaems.com
(530) 622-9421                http://www.newmediaems.com
(866) 519-4680 Toll-Free      (530) 622-9426 Fax
===============================================================