|
Posted by Joseph S. on 11/24/65 11:28
> You do need to worry about bookmarking such pages, especially if
> you're selling something. If the user can't come back to the page,
> you may lose a sale. Now, some things shouldn't be bookmarked (like
> a customer's list of what's currently in his shopping basket, or a
> partially-completed order, or a map to the store based on the
> customer's location), but pages for individual items for sale should
> be bookmarkable.
One other idea that naturally follows is that you can provide visitors
with a "mark as favorite" option or a "store my search" (a prominent
check box) and store a cookie on the user's computer and an entry in
your database (or maybe a php page explicitly for stored searches which
will read the cookie from his computer and direct him to the product
that he searched for after some processing). So it is only one page
that has to do with GET and without POST.
However, I feel it may be better still to design out all the pages and
separate out the GET and POST pages and keep them independent - e.g.
your catalog pages all are
http://www.mystore.com/catalog?cat=56&prod_id=65 etc. and your payment
and customer details and payment details pages are all POST.
One security related question: in Apache, how good is the idea of
mapping Aliases for php pages?
e.g.
I make an entry in httpd.conf for
Alias /store C:/Apache2/htdocs/store/displayall.php
and always use the header function like this
header("Location: /store");
or
header("Location: http://www.mysite.com/store");
will it be of any help for security?
BTW, can the Alias entry be put in a .htaccess file?
Joseph S.
Navigation:
[Reply to this message]
|