
Shopping carts and logins

 
Stuart Bell
Greenhorn
Posts: 22
Hi,


I have a problem area similar to a shopping cart premise on an eCommerce site.

I have a 3rd party site who will post an XML document as part of an HTTP request to my server. I am using Struts so I will have the request captured by one of my Action classes. This action class will redirect the user to a login page before they can continue through the site. The XML, as part of the initial request, has to survive past the login page. My initial thought for this was to create a session first, before the login, and store the XML as part of the session. The only downside to this is that if the user decides not to log in and closes the browser I will have a session sitting around with data in it until it expires, which may be 30-60 mins.

It is equivalent to a user using Amazon and adding books to their shopping cart. They then proceed to the checkout via a login screen. All the information in the shopping cart is retained in this process post-login. I presume that a session has already been created by the Amazon server during this process so that the book information can be persisted?

Does anyone have any thoughts on best practice for this at all? The creating of the session would be the most obvious solution to this, but I am not sure it is the most elegant or efficient.

Any help would be most appreciated.

Thanks,

Stuart
 
Paul Bourdeaux
Ranch Hand
Posts: 783
My guess would be to use sessions, similar to the way you described. If you are worried about the session sitting around and wasting resources for too long, set the session time out to a smaller value than 30-60 minutes. You can give them 5 minutes to log in, and then programmatically increase it to something more reasonable once they log in. Assuming the XML file that is being posted isn't extraordinarily huge, it shouldn't be too big of a strain on your server to maintain the session for a little while in the event that the client leaves.
 
Stuart Bell
Greenhorn
Posts: 22
That sounds like an acceptable solution.

Thanks for the speedy reply!


Stuart
 
Sharad Agarwal
Ranch Hand
Posts: 167
Alternatively:
1. If the XML is known to be small enough, you could set a cookie on the client browser. That way a session is only created post-login.
2. Make a hidden field on the login form and populate it with the XML. That way, the XML will be re-posted at login.

There are pros and cons to all three solutions (including the session timeout one). Your situation should dictate the best one.

Hope this helps.
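
With the cookie and hidden-field options above, the XML comes back from the browser, so the server has to confirm it is unchanged before using it after login. The following is an added example, not code from any poster in this thread; the class name `SignedCartField`, the key, the token layout and the sample XML are all constructed for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class SignedCartField {
    // Assumption: a server-side secret; a real deployment loads it from configuration.
    private static final byte[] KEY =
            "constructed-demo-key-change-me".getBytes(StandardCharsets.UTF_8);

    private static byte[] hmac(String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }

    /** Value for the hidden field or cookie: base64url(xml).expiry.base64url(mac). */
    static String seal(String xml, long expiresAtMillis) throws Exception {
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String body = enc.encodeToString(xml.getBytes(StandardCharsets.UTF_8))
                + "." + expiresAtMillis;
        return body + "." + enc.encodeToString(hmac(body));
    }

    /** Returns the original XML, or null if the value was altered, malformed or expired. */
    static String open(String sealed, long nowMillis) throws Exception {
        String[] parts = sealed.split("\\.");
        if (parts.length != 3) return null;
        Base64.Decoder dec = Base64.getUrlDecoder();
        try {
            byte[] expected = hmac(parts[0] + "." + parts[1]);
            // Verify the MAC (constant-time compare) before trusting any other field.
            if (!MessageDigest.isEqual(expected, dec.decode(parts[2]))) return null;
            if (Long.parseLong(parts[1]) < nowMillis) return null;
            return new String(dec.decode(parts[0]), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) { // bad base64 or non-numeric expiry
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        long now = System.currentTimeMillis();
        // Constructed sample document with a five-minute login window.
        String sealed = seal("<order><item sku=\"A1\" qty=\"2\"/></order>", now + 5 * 60_000);
        System.out.println("round trip: " + open(sealed, now));
        System.out.println("tampered:   " + open("X" + sealed, now));
        System.out.println("expired:    " + open(sealed, now + 6 * 60_000));
    }
}
```

The MAC gives integrity only: the user can still read the XML, so anything confidential in it belongs in the server-side session instead.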
 