7 Replies Latest reply on Jan 23, 2008 1:14 PM by jqcf

    Are Cookies Required for an Ecommerce Site

    jqcf
      Is there anything that you can do to make your ecommerce site work if a user decides to block them with his browser?
        • 1. Re: Are Cookies Required for an Ecommerce Site
          Level 7
          Pass all the required data through get (URL) or post (FORM) requests.
          ColdFusion has the ability to pass the session required CFID & CFTOKEN
          cookie values though the URL so that cookies are not required. Then all
          the other state data can be stored in the session scope.

          This does require quite a bit of effort to make sure that every link,
          form post, any other request, passes these values. It also opens a
          whole world of session sharing issues as URL's with these values can
          easily be bookmarked, e-mailed, otherwise shared. You will need logic
          that minimizes this risk.

          It can be done. However most developers just choose to clearly require
          cookies in the user information of the site. A simple test to see if
          cookies are disabled can provide feedback to users who may not be aware
          of the issues.

          HTH
          • 2. Re: Are Cookies Required for an Ecommerce Site
            Charlie Griefer
            pass the cfid/cftoken (or jsessionid) in the URL for each page request.
            • 3. Re: Are Cookies Required for an Ecommerce Site
              jqcf Level 1
              How do you perform a test to see if the user has disabled cookies with their browser settings? Something like this in application.cfc?

              <cffunction name="onSessionStart" output="true" returntype="void">

              <cfcookie name="test" value="" expires="7">
              <cfif IsDefined(Cookie.test)>
              <cfif Cookie.test eq "userBrowserAllowsCookies">
              <cfset session.cookiesAllowed = 'yes'>
              <cfelse>
              <!--- Rejects Cookies--->
              <cfset session.cookiesAllowed = 'no'>
              </cfif>
              <cfelse>
              <cfset session.cookiesAllowed = 'no'>
              </cfif>

              </cffunction>
              • 4. Re: Are Cookies Required for an Ecommerce Site
                Level 7
                Something like that. Just realize it takes two request to complete the
                test. The first request you attempt to set the cookie. On the next
                request you attempt to read it. If it does not exist, the user is not
                allowing cookies.

                Do this the first time the user access the site and you are golden.

                Just remember that if there are no cookies there is no session scope,
                unless you pass cfid and cftoken values in the URL. ColdFusion must
                have these values, usually stored in cookies, to know what requests
                belong to what session data.

                • 5. Re: Are Cookies Required for an Ecommerce Site
                  jqcf Level 1
                  So, I'd need to add html code like this to every href link?
                  <cfif not IsDefined(Cookie.test)>
                  <cfoutput>
                  <a href =" /link.cfm?session.cfid=#cfid#&session.token=#cftoken#">shopping cart test</a>
                  </cfoutput>
                  </cfif>
                  Or, is it more complicated than that?
                  Can anyone point me to a tutorial for this?
                  • 6. Re: Are Cookies Required for an Ecommerce Site
                    Level 7
                    There are functions that can help you manage your session state through
                    the URL.

                    The 'Using Persistent Data and Locking' section of 'ColdFusion
                    Developer's Guide' in the ColdFusion documentation discuss the ins and
                    outs of Session state management and doing so without cookies. After
                    this you should be able to find blogs and discussions that tweak out the
                    finer details.

                    • 7. Re: Are Cookies Required for an Ecommerce Site
                      jqcf Level 1
                      Is it as simple as something like this around all your links?

                      <a href="<cfoutput>#urlSessionFormat('link.cfm')#</cfoutput>">this link keeps the session info if a user has blocked cookies on your site </a>