[ic] Retain shopping cart after browser restart

Grant emailgrant at gmail.com
Thu Dec 3 13:34:58 UTC 2015


>> >>> I noticed that Interchange loses the session once the browser is closed
>> >>> and re-opened.  Is there a way to make it persistent so that the shopping
>> >>> cart contents are retained like Amazon?
>> >>
>> >>
>> >> It looks like I may be out of luck as far as keeping sessions persistent:
>> >>
>> >>
>> >> http://www.icdevgroup.org/pipermail/interchange-users/2011-January/052595.html
>> >>
>> >> If so, is there a preferred method of retaining shopping cart contents in
>> >> the same browser across sessions without requiring the user to log in?  If
>> >> there is not, should I simply use set-cookie to save the current cart
>> >> contents at every page load and read-cookie whenever creating a new session?
>> >
>> >
>> > In that email from Mike that you pointed to, he pointed at how to do it
>> > (while also explaining why it's not the default).
>> >
>> > You need to set an expiration date on the MV_SESSION_ID cookie so it will
>> > persist after the browser is closed.
>> >
>> > You can do this by setting a GlobalSub in your interchange.cfg like this (to
>> > make the cookie last 1 week, for example):
>> >
>> > GlobalSub <<EOR
>> > sub set_cookie_expire {
>> >     $Vend::Expire = Vend::Config::time_to_seconds('1 week') + time();
>> >     return 1;
>> > }
>> > EOR
>> >
>> > And then running it on every page load by setting an Autoload in your
>> > catalog.cfg like this:
>> >
>> > Autoload set_cookie_expire
>>
>>
>> Hi Jon, thank you for the code.  I noticed that comment from Mike but
>> he referenced a related security issue which scared me off.  Do you
>> know what he was referring to?
>
> I think it's just that session cookies are supposed to expire at the end
> of the session, so it's counter-intuitive to keep them around longer.
> I'm not sure of security ramifications, but since it's not a login
> cookie, if it stays around after browser close, then any user data
> (collected during an order or order attempt) would be in there. This is
> a problem on public computers -- you can't "logout" of a session...
>
> I have just released cart-cookie support, which provides for saving cart
> info between sessions, when using the same browser:
> https://github.com/jdigory/interchange-extras/tree/master/cart-cookie
>
> It may be a more ideal solution to your problem than keeping session
> cookies around.


Very nice.  If I decide to set the expiration time of session cookies,
I can't think of anywhere a user's entered data is displayed in a
session besides on the checkout form.  If I prevent that, is their
data still potentially readable somehow?

- Grant
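
Added example, not part of the original message and not the cart-cookie code linked above: a Perl sketch of a persistent cookie that carries only item codes and quantities, so the data entered at checkout stays in the browser-session cookie. The secret, the size limits, the `code:quantity` layout and the sample SKUs are assumptions made for this sketch.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumptions (not from the thread): the secret, the limits and the
# "code:quantity" layout are constructed for this sketch.
my $SECRET    = 'replace-with-random-server-side-secret';
my $MAX_ITEMS = 50;

# Serialize only SKU and quantity, so nothing typed into the checkout
# form ever reaches the long-lived cookie.
sub encode_cart {
    my ($cart) = @_;
    my $payload = join ',', map { "$_->{code}:$_->{quantity}" } @$cart;
    return $payload . '|' . hmac_sha256_hex($payload, $SECRET);
}

# Compare two equal-length hex strings without an early exit.
sub same_mac {
    my ($x, $y) = @_;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr $x, $_, 1) ^ ord(substr $y, $_, 1) for 0 .. length($x) - 1;
    return $diff == 0;
}

# The cookie is client-controlled: reject anything that is oversized,
# tampered with, or not strictly "code:quantity" pairs.
sub decode_cart {
    my ($value) = @_;
    return unless defined $value && length($value) <= 2048;
    my ($payload, $mac) = $value =~ /\A([^|]*)\|([0-9a-f]{64})\z/ or return;
    return unless same_mac($mac, hmac_sha256_hex($payload, $SECRET));
    my @cart;
    for my $pair (split /,/, $payload) {
        my ($code, $qty) = $pair =~ /\A([A-Za-z0-9_-]{1,32}):([1-9][0-9]{0,2})\z/
            or return;
        push @cart, { code => $code, quantity => $qty + 0 };
    }
    return if @cart > $MAX_ITEMS;
    return \@cart;
}

# Constructed sample cart: round trip, then a cookie edited on the client.
my $cookie = encode_cart([ { code => 'SKU-1001', quantity => 2 }, { code => 'SKU-2002', quantity => 1 } ]);
my $cart = decode_cart($cookie);
print "restored: ", join(', ', map { "$_->{code} x $_->{quantity}" } @$cart), "\n";
(my $forged = $cookie) =~ s/:2/:9/;
print "forged cookie accepted: ", (decode_cart($forged) ? 'yes' : 'no'), "\n";
```

Prices and stock should still be looked up server-side when the cart is rebuilt, since the cookie only says which items and how many.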


