[ic] Retain shopping cart after browser restart

Josh Lavin jlavin at endpoint.com
Wed Dec 2 16:41:54 UTC 2015 

Quoting Grant (emailgrant at gmail.com):
> >>> I noticed that Interchange loses the session once the browser is closed
> >>> and re-opened.  Is there a way to make it persistent so that the shopping
> >>> cart contents are retained like Amazon?
> >>
> >>
> >> It looks like I may be out of luck as far as keeping sessions persistent:
> >>
> >>
> >> http://www.icdevgroup.org/pipermail/interchange-users/2011-January/052595.html
> >>
> >> If so, is there a preferred method of retaining shopping cart contents in
> >> the same browser across sessions without requiring the user to log in?  If
> >> there is not, should I simply use set-cookie to save the current cart
> >> contents at every page load and read-cookie whenever creating a new session?
> >
> >
> > In that email from Mike that you pointed to, he pointed at how to do it
> > (while also explaining why it's not the default).
> >
> > You need to set an expiration date on the MV_SESSION_ID cookie so it will
> > persist after the browser is closed.
> >
> > You can do this by setting a GlobalSub in your interchange.cfg like this (to
> > make the cookie last 1 week, for example):
> >
> > GlobalSub <<EOR
> > sub set_cookie_expire {
> >     $Vend::Expire = Vend::Config::time_to_seconds('1 week') + time();
> >     return 1;
> > }
> > EOR
> >
> > And then running it on every page load by setting an Autoload in your
> > catalog.cfg like this:
> >
> > Autoload set_cookie_expire
> 
> 
> Hi Jon, thank you for the code.  I noticed that comment from Mike but
> he referenced a related security issue which scared me off.  Do you
> know what he was refering too?

I think it's just that session cookies are supposed to expire at the end
of the session, so it's counter-intuitive to keep them around longer.
I'm not sure of security ramifications, but since it's not a login
cookie, if it stays around after browser close, then any user data
(collected during an order or order attempt) would be in there. This is
a problem on public computers -- you can't "logout" of a session...

I have just released cart-cookie support, which provides for saving cart
info between sessions, when using the same browser:
https://github.com/jdigory/interchange-extras/tree/master/cart-cookie

It may be a more ideal solution to your problem than keeping session
cookies around.

-- 
Josh Lavin
End Point Corporation

More information about the interchange-users mailing list