Two-way session for the cart

Posted 2024-10-20 20:26:40

This is what I'm trying to accomplish, I'm just wondering what is the best method to achieve it.

I have a standard e-commerce site. When the customer browses the site, his cart contents are stored in a session var. The cart is NOT stored in the database unless the customer checks out.

Now, sometimes a customer calls in to the call center before he actually places an order. He then asks questions about his cart - I want the agents on the other side to be able to extract the cart content.

I was thinking of encrypting the session ID on the customer side and then presenting the "cart id" on the cart page for the customer to give the agent over the phone. I will then decrypt the session ID and the agent will be able to access the cart contents directly in the cart.php page.

My questions are:

  1. Is this safe? Nowhere along the way do I store the customer's personal information in the session. Only the cart contents.
  2. What would be my best encryption method here?
  3. Is there a simpler way to achieve this?

夏天碎花小短裙 2024-10-27 20:26:40

Is there a simpler way to achieve this?

Yup.

Store the user's cart in the database, give it an ID, and then use that ID as the token given over the phone. Try to avoid using a sequential ID here, for privacy and guessability purposes.

PHP session data is hard to work with, because it's kind of serialized data, but not quite. You'll be much better served by storing the cart in the database.

Of course, because sessions expire, carts should as well. Store the last-modified date with the cart, and occasionally clean up carts that could not possibly still belong to active sessions.
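
One way to implement the approach in the answer above, as an added example that is not code from the original post: the cart lives in a database row keyed by a random, phone-readable token that is independent of the session ID, lookups ignore carts past their last-modified window, and a cleanup routine deletes them. The function names, the `carts` schema, the 8-character token and the in-memory SQLite database are assumptions for illustration, and the lookup is assumed to sit behind the call-center agents' own login.

```php
<?php
// Added example: names, schema and token length are assumptions, not the site's code.
const CART_ALPHABET = 'ABCDEFGHJKMNPQRSTUVWXYZ23456789'; // no 0/O or 1/I/L, easier to read aloud

function newCartToken(int $len = 8): string {
    $t = '';
    for ($i = 0; $i < $len; $i++) {
        $t .= substr(CART_ALPHABET, random_int(0, strlen(CART_ALPHABET) - 1), 1); // CSPRNG, non-sequential
    }
    return $t;
}

function openCartDb(): PDO {
    $pdo = new PDO('sqlite::memory:'); // stand-in for the shop's real database
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE carts (token TEXT PRIMARY KEY, '
             . 'items TEXT NOT NULL, last_modified INTEGER NOT NULL)');
    return $pdo;
}

function saveCart(PDO $pdo, string $token, array $items, int $now): void {
    $st = $pdo->prepare('REPLACE INTO carts (token, items, last_modified) VALUES (?, ?, ?)');
    $st->execute([$token, json_encode($items), $now]); // every change refreshes last_modified
}

function agentLookup(PDO $pdo, string $spoken, int $now, int $maxAge): ?array {
    $token = strtoupper((string) preg_replace('/[\s-]+/', '', $spoken)); // tolerate spaces, dashes, case
    $st = $pdo->prepare('SELECT items FROM carts WHERE token = ? AND last_modified >= ?');
    $st->execute([$token, $now - $maxAge]);
    $row = $st->fetchColumn();
    return $row === false ? null : json_decode($row, true);
}

function purgeStaleCarts(PDO $pdo, int $now, int $maxAge): int {
    $st = $pdo->prepare('DELETE FROM carts WHERE last_modified < ?');
    $st->execute([$now - $maxAge]);
    return $st->rowCount(); // number of expired carts removed
}

// Constructed walk-through with a made-up cart.
$pdo    = openCartDb();
$maxAge = 1440;            // seconds; assumed to mirror PHP's default session.gc_maxlifetime
$now    = time();
$token  = newCartToken();  // would be kept in the session and displayed on the cart page
saveCart($pdo, $token, [['sku' => 'DEMO-1', 'qty' => 2]], $now);
var_dump(agentLookup($pdo, strtolower($token), $now, $maxAge));   // agent types it in lower case
var_dump(agentLookup($pdo, $token, $now + $maxAge + 1, $maxAge)); // same token after the window
var_dump(purgeStaleCarts($pdo, $now + $maxAge + 1, $maxAge));
```

Because the token is generated separately from the session ID, reading it out over the phone discloses only the cart row and nothing that could be used to take over the customer's session.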
