----- Original Message ----- From: "Jenda Krynicky" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, July 03, 2002 5:05 PM Subject: Re: Shopping cart 2
> From: "anthony" <[EMAIL PROTECTED]> > > what if the customer does NOT use cookies, i think you should make a > > file foreach custom with their IP address. and another script that > > check every now and then if the files has not been active for two > > whole hours then delete the file. > > > > Anthony > > Oh well ... bac to where we have been. > > IN this same thread someone already said that YOU CANNOT USE THE IP > ADDRESS TO IDENTIFY THE USER !!! I must have missed that post... A modified version of this IS very workable though. I have a client that does not allow cookies on his site (don't ask), and the workaround was an IP based session variable. IP.epoch.random. We ran into the dupe IP problem and solved it with the epcoh seconds followed by a random number of 1-10000000. Save the session info in a file/database (your choice here), then set this, and only this, as a hidden session id in the form. This eliminates the need that a lot of stores do of passing a large amount of hidden variables back and forth (not to mention the elimination of end users hacking those parameters). > And the person has given a few examples WHY you CAN'T. > Like firewalls and proxies. > > Actually it is not a good idea not only because two users can come > from the same IP address, but also because the same user may come > from a different IP address. Like if he's connected via AOL and is > using the AOL browser. > > If you cannot use cookies (not very likely) you have to embed the > session id into the URLs. There was no need to pass it in the URL, a hidden form var works just fine... > > See http://jenda.krynicky.cz/C/SessionID.txt for a discussion on the > posibilities. > > Jenda Shawn -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
