Unable to access cookie anymore

[mungyun]

Ok, i've never seen a problem like this before and have no idea on what i need to do to fix it.

A friend of mine has a web page that has a list of products and next to them has two check boxes. One is a compare and the other is add so shopping cart. When you hit the compare check box a cookie gets filled with all of the ones you checked just fine. Even if you uncheck something, it correctly removes it from the cookie. You can also browse to another page, check other compare check boxes, browse back to the previous page and you are still just fine. All of those cookie entries are done browserside with JS and work just fine.

Well, once you choose to check out with whatever items you have, a call gets made to the server and the server changes the cookie to include a little info on what the items in your cart are. All is fine and dandy except if you decide you want to go back and compare or add/remove items from the cart. Client side cant access the cookie anymore and change anything.

From everything ive heard, you should be able to access the cookie from anything as long as its the same site that originally made the cookie, which it is.

Any ideas?

ps: I'm heading out the door so this was a little rushed, if you need any more explanation or code snippets, let me know. Thanks!

[oofki]

So..
-Client goes to site and creates cookie based on selection
-Server reads cookie and generates a page depending on the users selection
-Client reads cookie again and now it does work right?

Maybe try having the server set the cookie again so it reads the cookie, displays the information, then sets the same cookie that was on the client in the first place. Maybe that is an easy work around?

[t34b4g5]

what is the session cookie expirey set to? maybe up the expirery so that you can go back and forth.

[nihil]

It sounds as if the problem is server side as it is apparently locking the cookie prematurely.

In theory it should do this when it has confirmed the payment instructions (Credit Card?).

I don't know how it is supposed to work but I have certainly seen systems where you go to the payment screen and cannot return. You either pay or start over.

I would guess that this is by design. You tell it you want to check out and it takes you at your word and locks the cookie. Perhaps you should look at inserting a confirmation/warning screen at this point?

Is all of this taking place over a secure link or does checking out take you to the secure link?

[mungyun]

So..
-Client goes to site and creates cookie based on selection
-Server reads cookie and generates a page depending on the users selection
-Client reads cookie again and now it does work right?

Maybe try having the server set the cookie again so it reads the cookie, displays the information, then sets the same cookie that was on the client in the first place. Maybe that is an easy work around?

basically once the cookie is changed and accessed by the server, the client can no longer edit it. from everything ive read it should be able to no problem. Also the reason that the site is doing most of cookie work client side is for caching purposes.

The cookie expiration isnt the problem either. it has plenty of time set.

Nihil, Yes the idea is that the cookie should be locked after payment instructions (securely). The cookie gets locked even before the payment method. Its in the checkout page where it shows you what you put in your cart and either tells you to log in to pay or shows you payment methods for you to choose from. It would for security reasons, make sense that the cookie gets locked after the server made changes and not allow the client to change it anymore for obvious reasons. I havent found any articles yet to back that up but im still looking.

[nihil]

Hi mungyun,

Sorry, I forgot to ask: is this a bespoke/home grown application, or is it off the shelf?

This is a simple applications logic problem as far as I can see. If it is a COTS application I would look at the manual and the settings options. If not then you will need to alter the process logic to suit your requirement.

It seems reasonable to me that once you have chosen a payment method then the cart should be locked. As soon as you leave the mall and go to the payment page that should also lock it.

My advice: check the program logic documentation and data flow diagrams. You might even get mileage out of the data dictionary as I presume the system sets flags? Of course you do use a structured design development and documentation methodology?..........don't you?

I think that it might be a good idea to walk through the whole business process logic?

To be honest I don't see what the problem is........... if people have enough brains to shop on line, they have the brains to know when to close their trolley? Then all they have to do is accept and pay, or cancel the whole transaction.