Here is the idea for keep track of a user in an online-shopping website:
1 - When a user comes in for the first time, I'll create a random hash and I'll send this hash through a cookie to the user and simultaneously I'll create a user with this hash in my Users table.
In that table I will store many users data like: (and I use mongodb by the way)
* User page visit
* User choose products (means user cart in my shopping cart)
* User last login
and ....
2- When the same user comes again (say a day later), he will send that cookie (hash id) and I'll search into my database for that id and retrieve any data I want (e.g shopping-cart info).
I think this works fine and is a good way track the user (Do you agree on this?)
Problem :
What if a user cleans his browser history?
How do sites like youtube save our data (favourites and .... ) and even if I clear my browser or use another ip they had my favorites ready for me without logging into my account?
youtube-like sites store each and every details about the user interactions. For showing your favorites, your likes and other things it saves the data on the server. Whenever the user logs in, the users data will be shown. If you want to implement this, then it is better to go for cloud computing to manage data efficiently.
Related
I create an online store website
when user add some product to cart i save this information in session (if user not logged in)
and
when user logged in and select some product i insert them into table
is this true way?
can i store all information of user selected product in session?
I think the best way to go in this case is not using the database at all, but use cookies instead.
PHP Cookies
This way you don't have to query the database, and all data will be saved on the computer of the user. This will also keep the information for the people who are not logged in. Which will be more user friendly.
Better to store items in session (for both visitors or logged in people)
Only needeed of store them is only when they intend to buy the product.
On visit (even if user is loged in or not) you donot have to store them in db.
Further, use db only for values you have to refer in future.
I am working on a website where user clicks on a add buttons to get information about that topic. Currently, when user clicks on any add button i store the data in a cookie. For example,
Let's say the Topics are A, B, C, D and so on.
I store them in a cookie like - A,B,X,P,Z. In other words as a comma separated list. What I want to do is backup the preferences on server in a database. This way if the user clears cookies sometime i still have the data backed up. Also, the user will be able to login on other devices with same preferences.
If I connect to the database on every user click, I will hit the concurrent maximum connections list probably. Is there some way to do it efficiently?
Is there some other option altogether? I am looking for something like feedly where user clicks on add button and the preferences are saved.
How could I write a code for recently viewed products? I use a database to create dynamic pages and thought I could store the ID number in a session or cookie and pull the image and title from the database. Although I dodn't know if this would work. I would only want it to display the last 5 items viewed and not show any duplicates. Any Ideas?
If the user is logged in, you can create a table called 'userViews' providing the userID and the viewed productID.
Then, you can select a query using 'SELECT DISTINCT' on the productID. This will select unique values. (Check http://www.w3schools.com/sql/sql_distinct.asp)
If the user is not logged in, I suggest you do the same but instead of using a userID, try to find something unique from the user. You could try setting a cookie or session with a random (unique) number and link that to the database.
The conventional way would be to store within a cookie. If you can encrypt the cookie, do so.
Remember, a cookie can be modified by the user. The #1 rule is to never trust user input. All in all, be sure to validate the information before displaying or you'll open yourself up to the world of attacks.
Store the IDs in an array? Seperate by ',' or '.' -- do NOT create 100 different cookies for storing IDs.
You COULD also use SQL to store the views... but why use un-needed sql queries? SQL is for storage, long term. Session and cookies are for current actions.
There are 3 ways you can show recently viewed products. (Maybe some other way but these 3 are mostly used).
Based On IP
Store recently viewed in Cookies
Session ID
Based on IP
This isn't a good idea, it's because there is chance two people are using same router and the person who did not see the product would see the other person recent view. (You may use IP based to show other people like in your area. etc..).
Based on Cookies
By using cookies you are 100% sure that your are display recent product to the person who is visiting your sites, but not all users/visitors have enabled the cookies also cookies can easily edit and a security risk if you did not encrypt properly.
Session ID
You can generate a random user_id for a visitors and store this information in database like this:
start_session();
if(!$_SESSION['user_id']){
$_SESSION['user_id'] = rand(1, 1000000);
mysql_query('INSERT INTO products_recent (user_id) VALUES ('.$_SESSION['userid'].')');
}
Also, you can select/update the user product views and display to that users.
And you can easily clean database every 24 hours if you want, or you can use this data for analysis purpose.
Finally - Registered Users
If register users view your product I high recommend save in database and show these recent view product every time he/she visit your store.
I figure that this should be possible, as it is a requirement asked by my supervisor. There are a few types of accounts, one of them is a 'company' account which should allow anyone in the company who has these credentials to log in at the same time.
Now my question is, how do I store temporary data like:
(this is fictive)
shopping carts, keeping track of wizards,...
I suppose that I'll have to store this in the database?
What would be my best option. Link it to the unique session id?
Yes, you can store sessions in your database if you like. A nice way to do it, is by creating a sessions like table that stores states. Therefore, if you have a cart, you can have a cart table that represents what products the cart has and replay that after a user logs back in.
Session information isn't based on your account-system but on the system of the visitor (cookie). Unless you want all information to be shared across all users logged in on the company account (which I doubt) you shouldn't have to store any of the information in the database.
To store the data you can simply keep using session (as I suppose you already do for the 'normal' account.
I am developing the user management portion of a website that will host a webcast. The goal is to prrevent the same user nam (email address) from being used concurrently. That is, we don't want two individuals using one login to view the event.
I've already setup a table that holds the user registration data with regID as primary key. My thought is to create a login history table with username as primary key, foreign key to user name in registration table. The login history table would simply timestamp when the user logs into the site. However, this won't accomplsih my goal of preventing more than one individual from using the same login name.
Instead, would it be better to have a login status field either in the login history or user table that is set to 1 for logged in and 0 for logged out? It would need a stored procedure to update the value at login and at logout, and would need to be validated when a user logs in such that if login status = 1, user already logged in and cannot login a second time. Is this a feasible approach?
Please share other methods you've used to prevent the same login credential from being shared amongst multiple individuals.
Thanks,
Sid
If it is OK to logout an already logged in user if someone else logs in with the same credentials then you could do the following: when a user logs in generate a random ID in your database for that user and the same in a cookie session. The two must match to authenticate.
Without rolling your own session handler, you could do a little parallel tracking. When a user logs in, you can store the user's session ID and login time in the database (maybe inside the user information table). The login script could then check for the existence if this sessionID and allow/deny login based on the presence of the session ID. If the ID's null/blank, then the user logs in. If there's a session ID present, and it's more than X minutes old, allow the login. Otherwise deny them.
Of course, you'd probably want to roll your own session cleanup handler at that point, so that when stale session files get deleted, you can remove the associated IDs from the database at the same time.
The problem here is detecting the user is logged in (i.e. whether he didn't logout).
One possible way is to register in the database the time of his last activity and the time of his explicit logout. You could then deny a login if it this was attempted less than say 5 minutes ago relatively to his latest activity and if he didn't login in between.
You could force "activity" by having the website pages periodically poll the server with Javascript.
It's easy to determine when someone logs in. It's much harder to determine when someone logs out. If you have a mechanism of killing the webcast streaming to a particular user quickly, you might want to have something which pops up asking the user if they want to kill their other session if you think there might be one active.
How are you doing user sessions on the server? If you store them in the db, you could query the active sessions anytime someone attempts to log in and see if they're already in there. Of course you'd probably also have to check some kind of timestamp since you're not guaranteed that sessions will disappear at session.gc_maxlifetime.
You might want to consider making a global variable in php to store a hash array with login status. This has the benefit that if the application has to be restarted for some reason, the user isn't stuck in the wrong state in the database.
You can store a mapping from user ID to IP or session cookie and redirect requests that come with different information to the login page. If the user logs in, the other session would be invalidated and further requests in the last session forward to the login page.