[ic] displaying a users basket to an external script

interchange-users@icdevgroup.org interchange-users@icdevgroup.org
Fri Oct 18 09:00:03 2002 

On Fri, Oct 18, 2002 at 10:04:02AM +0100, John Allman wrote:
> Hi - i need to be able to show the contents of a users basket to a script 
> that is called from another website. The idea is that users ariving on this 
> "portal" website will be able to shop on our site among others. our site 
> will be loaded in a frame and a paramater will be passed to us via a http 
> GET to identify that the user is browsing from this portal site. when the 
> user reaches the checkout our site will call a script on the portal site 
> which will in turn call a script on our site to display the basket in a 
> specified xml format for them to parse.
> 
> The issue then is identifying the correct basket and doing it in as secure 
> a manner as possible. The way that springs to mind is to use the session id 
> to identify the correct basket. we could then pass the session id to their 
> script and when they passed it back to us we could display the correct 
> basket.

You can do it with LWP and won't need to understand much IC.

"Security" is a different issue.  Sessions are tracked by IP and domain,
so if the customer moves between sites his session will change.  You can
overcome that by assigning your own id which points to the session and 
tracking it externally.  When you get to checkout and ssl it will be
more problematic.

> 
> Now my understanding of how interchange handles sessions is poor at best. i 
> believe it either maintains the session by appending an id string to each 
> URL or by cookies. Could i use this id string to load up the same session 
> from another ip address (the portal site in this case)? Can i get this 
> string by using [read-cookie]? ie is the string stored in the cookie the 
> same as the id string appended to the URL?

Cookies won't do the whole job if you are crossing domains.

Have you considered aggregating the content into one site or treating
it like a mall instead?

> 
> I read this post: 
> http://www.icdevgroup.org/pipermail/interchange-users/2000-October/001375.html which seems to be along the same lines as what i'm trying to do but it doesn't go into the details of handling the session.
> 
> Is what i'm suggestion a bad way to do things? If so - what might be a good 
> idea? If not - how would i actually go about implementing it? Am i working 
> along the right lines now?
> 
> Any advice would be appreciated
> 
> thanks
> 
> John
> 
> 
> _______________________________________________
> interchange-users mailing list
> interchange-users@icdevgroup.org
> http://www.icdevgroup.org/mailman/listinfo/interchange-users
> 

-- 

Christopher F. Miller, Publisher                               cfm@maine.com
MaineStreet Communications, Inc           208 Portland Road, Gray, ME  04039
1.207.657.5078                                         http://www.maine.com/
Content/site management, online commerce, internet integration, Debian linux