I am developing an ecommerce site with angularjs.. Whenever a user add, change quantity or delete product from cart a local array of products will be updated(I am not pushing to server because that would mean a lot of requests) and I listened for window.onbeforeunload to push changes to server. It worked great on my local machine. But when I tested this on server it didn't work as expected.
Is there another way to do this? Maybe saying before leaving page wait a second to send a successful request then leave? Or do I have to push changes every time the cart is updated..
I also want to leave managing cart for the server, meaning I can't manipulate cookies. Because on server I am using external classes that handle cart on it's way e.g. creating encrypted item identifier for each item.
I found a solution, not sure if it's best practice but after testing it in many situations. It seems to work very nice...
When user modifies the cart the items are saved using javascript(no requests needed) in a cookie as json array.
Before each request I check if there were items saved in the cookies to do the following:
a. Destroy the cart.
b. Retrieve and json_decode items saved in the cookies.
c. Insert these new items in the empty cart.
d. Unset this cookie.
The good thing about this approach, there aren't any overhead requests to push local changes to server
But the bad thing it makes using a cart on the server that saves items in different cookie look silly and I might refactor that with my own cart class to share the same items cookie ....
Related
I have a problem, I am writing a system for an company and I want it to be as secure & robust as possible, but now I'm stuck.
I have a product list, where a logged-in employee can edit, delete or emit (print) specifications about a product.
Let's assume I'm a logged-in employee on that system. When I click a product from the product list and then click on emit (print), javascript will send data over POST to the next page (Yes, it must be JS, because of the design of the page).
So the next page is displayed with correct info about that product (because POST passed the product id to the next page, which then realized an SQL query and fetched all info).
Now, on that page, I can verify if all info is correct and then click again on emit (print) to finally print the specifications. But here I came across a caveat: How will the next page know the product ID? I can't use POST, because there's nothing to post..
Cookies are designed for such stuff, but I think that when I'm logged in two tabs on the same browser and then click print on both tabs at once, the same Cookie will get called twice and overwritten twice (conflict), and, consequently, product id's could get swapped.
$_SESSION I believe I can't use too, because if two users are logged on the same Machine, data could get swapped too, just like in cookies.
Now, what is the 'best' practice to pass data between pages that "supports" multiple concurrent users on the same machine, and even in the same browser?
This somewhat similar question solved my problem:
Any way to identify browser tab in JavaScript?
This way I can create an unique "emitID" for that tab and then use that to take track of the current product id.
Also thanks to #SteevePitis for pointing me in the right direction.
I'm currently trying to create my own shopping cart for a client using JQuery. I was just wondering if the best way to store information for a custom cart is using cookies?
I have a product page that adds information via JQuery to Cookies and then a check out page that grabs the information from the cookies and display it on a check out page.
Is this the way to go about it, is there a better way?
Any help would be greatly apprecaited!
In my opinion, the best to save a shopping card is server side:
Each time someone add a product send an AJAX request and store it (account if logged or use sessions).
It's a bit heavier but it's more secured, and more user friendly, if someone is shopping and don't have the time to checkout on his computer, he can grab his phone login and checkout with the same cart.
AJAX is not really hard as far as you know a bit about request. jQuery provide an AJAX function to send request you should start by this documentation.
An AJAX request is nothing more than a call to a page but instead of being synchron and then display the page to the user, it will asynchron, and just return a status and (in most case) a JSON object as response, to say how were the request if there was any errors or things like this. The backend wont be heavy so the request will be fast enough to be smooth to the user.
jQuery provide callback on error or success that allow you to easily manage to warn user or to update a cart preview without any page reloading or something.
Cookies is also fine but LocalStorage is way to go to store cart related information on client side
Example
// Store
localStorage.setItem("lastname", "Smith");
//Get
localStorage.getItem("lastname");
//Remove
localStorage.removeItem("lastname");
I'm building an app that uses Angular.js for the front and Socket.IO & Redis on Express on the back.
The base usage of sockets is to allow one type of users to push items to lists that are consumed by groups of a second type of users.
A simple example:
Students can push messages into a class list and only teachers of this class can see the list.
I'm trying to sync the list between multiple teachers that are connected at different times,
the lists are stored in a Redis store and I'm wondering if the correct approach to sync clients:
A. Send the list on each update - saving the need of having to manage sync in the client and having potential missmatches.
B. Send the list only on connection and apply incremental updates on successive events.
I'm sure this has been addressed in the past as it seems quite a basic issue with socket communication but I was not able to find a definitive answer.
Thanks!
If the list is not particularly large, then I'd think you want to go with something simple. The simplest thing I can think of is as follows:
Student creates change to the list and sends message to the server (which could be an ajax call, doesn't have to be a web socket).
Server receives message and puts it into the appropriate list storage.
Server then looks for any clients monitoring that list and sends an update message to them.
Teacher connects to the server. Any lists that the teacher is monitoring are sent in their entirety to the teacher and they are subscribed to updates for those lists.
This way, you're never actually doing sync which simplifies matters a lot - you're just doing download list and then incremental updates. There's only one master store. If a client goes off-line, they just get a fresh copy of the list and resubscribe to updates when they come back on-line. Avoiding sync makes the whole solution a lot simpler. This assumes the data is not particularly large so it's feasible to just get a fresh copy of the list as needed.
If you do want to do sync, then a fairly straightforward technique is to maintain one master copy of the store on the server and have every change transaction coin a monotonically increasing transaction ID. Then, each synced copy can just keep track of the last transaction ID that they synced and request all transactions since then. The data store needs to keep track of all changes as transactions (often by writing to a transaction log for each transaction or perhaps a feature in some databases) so any given set of transactions can be played back for any client that is syncing.
So I was implementing a chat room. I'll start off with the schema that I used.
I have a room table, that basically stores the information regarding the chatroom like the number of participant, the topic etc etc.
I have a users table that stores the users info.
I have a posts table that stores the posts. This has a foreign key from Users and from room tables.
also, I have one final table that is to have a relation between users and rooms. So it just has the roomid and the userid from the users who are a part of the room.
Now, I have three divs on page, one for the chatarea, the other where the people online are shown and then there is a text area to post the message.
What I am doing currently is, to have a javascript function loadChats(), now this method calls a php file that just fetches all the posts in that particular room till now. And the same is dumped into my div ie "chatroom".
Also, similarly, I have a loadParticipants() that load the users every other second.
I am using jquery.post for the purpose and in the end of the method, I do a setTimeout in the end of the function. Now here are my questions
Ofcourse i can make this better. Any suggestions? I was thinking of a few.
On every call to php, I get the entire chathistory and send it back to browser, ofcourse I can check if the count of messages is the same as it is on the client side, and if it is, then I wont send the messages. But is it going to make it any better? How?
Also, making a call to server side every other second seems a bit too much of an overkill. Is there any way to do it like, if some new chat is added to posts table, then that particular chatroom is notified and updated? i.e. instead of constantly pinging the server to ask for new request, just ask it once, and wait if there is anything new or not. When that request is completed, it pings the server again for the next update.
You should look into websockets (I've never used them with PHP but this seems really promising: http://socketo.me/). What you can do is have the server push any new messages to the client whenever they come in, and have each of the clients push to the server, etc. This way you won't have to keep pinging the server over and over every 2 seconds, and loading tons of data to compare. When there's a new message, the server saves it to some database and then pushes that message through all the open sockets. Same thing with logging in/logging off.
edit: Just looked through the page even more and their tutorial even goes through how to get it set up with a basic chatroom-esque functionality.
I am a newbie and I am creating a form in which there are 10 buttons next to some products. When the user clicks on these buttons then the corresponding product name is added to an array in jquery. When the user submits the form, i pass that array to the server through ajax and then create a session for those values there. All this is working fine.
QUESTION:-
Is it dangerous to store the data at client side like this? Can any malicious user play with that array of data and change it at client side?
Since I cant create a session on every click because it will need to connect to the server again and again, so what could be the best approach to do this?
Is it dangerous to store the data at client side like this?
Not if you do proper data validation server-side
Can any malicious user play with that array of data and change it at client side?
Yes
Since I cant create a session on every click because it will need to connect to the server again and again, so what could be the best approach to do this?
This would be a working option. Or you just submit the form instead of tryin to store everything in an array. Forms were developed to submit used data. Another option would be to use ajax to set the selcted choice onSelect()
Is it like a shopping cart? wherein your are posting all the selected products to the server?
If so storing the just the product names on the client side is of no harm, definitely one can tamper the array, however on the server side you should validate the array with checks like it contains valid products etc, other than that there is no harm in it.
However one should avoid storing sensitive data on the client side, however in you case no issues.