CODEWITHSUNDEEP
phpsessioncookiesweb-storage
nick
nick

Reputation: 333

Setting the cart session in Cookie

I am creating a shopping cart and I am just using session to update the cart. But I want to set it to cookie and retrieve it for further usage... My cart session is :

$_SESSION['cart'][$pid] = array("item_id" => $pid, "quantity" => $tobesend, "price" => $price_per_q);

I want to set this whole thing into cookie. Help please. And I would like to know what is the benefit if I use web storage instead of cookie here...

Thank You..

Upvotes: 3

Views: 3292

Answers (3)

Mark LaCroix
Mark LaCroix

Reputation: 43

As Joshua points out, cookies are not the best place to store cart information. That type of information should be kept on the server. Depending on your requirements, that could be session data or a database. Storing cart information on the client does not allow any insight into cart contents. For example, if someone leaves items in the cart, you can engage them by sending reminders or adding messages to the storefront page.

To answer your question, cookies are strings, so if you want to store your cart data structure as a cookie, you need to serialize it. Refer to this earlier question for a discussion on the technical merits of serialize and json_encode.

The term "web storage" is a bit ambiguous. Are you referring to the HTML5 local storage? If so, that's probably not a good option since the data is not automatically sent to the server on each request as is done with cookies.

Upvotes: 0

m79lkm
m79lkm

Reputation: 3070

As @Joshua Kissoon mentioned, cookies should only be used for non-sensitive information and for a small amount of data. If you need to use a cookie you can set your data in an array and serialize it:

$cart = array($pid => array("item_id" => $pid, "quantity" => $tobesend, "price" => $price_per_q));
setcookie("cart", serialize($cart));

Check for it then access it:

if (!empty($_COOKIE) && isset($_COOKIE['cart'])) {
    $cart = unserialize($_COOKIE['cart']);
    echo '<pre>';print_r($cart);echo '</pre>';
}

I would only use this for unimportant data.

Upvotes: 1

Joshua Kissoon
Joshua Kissoon

Reputation: 3319

Cookies are accessed by anyone who uses the user's browser, the best thing to do is to store the cart session in the database, and only store the row ID of that database entry in a cookie. So basically:

// Store the data in the database, in whatever form you choose
$id = last_insert_id(); // Get the ID of the row in which this information is stored

// Store the id in a cookie
setcookie("cart_session_data_id", $id, time() + 3600 * 24);  /* expire in 1 day */

Now you retrieve the data from the database back into session when needed

// Get the row id from the cookie
$id = $_COOKIE['cart_session_data_id'];

// Use this ID and retrieve the data from the database

Why web storage instead of cookies?

  1. It's not wise to store sensitive data in cookies since an XSS attack can get all cookies
  2. Cookies give you a limit of 4096 bytes per domain

More Resources:

  1. http://davidwalsh.name/php-cookies
  2. https://www.php.net/setcookie
  3. Local Storage vs Cookies
  4. Keep $_SESSION alive with autorenewing counter

Upvotes: 3

Related Questions