Hrm.. perhaps this has to do with browser caching :).. You also may want to make sure that on a multiple product listing.. that the other products on the form are not also getting added to the user's cart.
Also.. be careful when storing the price in a hidden field in the HTML form.. a known attack to set the price of an item in a cart that stores the price in hidden fields to $0.. is to simply copy the html to a file on your hard drive and edit the html so that the hidden field for the price says 0.. and submit it from the file on your hard drive. -Zine -----Original Message----- From: Mark Picker [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 11:48 AM To: CF-Talk Subject: Problem with shopping cart (probably bad session coding) Hi All, Now this is really starting to s&*t me off. Has been giving me a headache for weeks now and I'm sure it will turn out to be something very very simple that I changed that is causing my problems. More or less these pages come from a shopping cart tag I got a long time ago from the Developers Exchange and had been working fine, but recently has started doing something weird. So first some of the code : application.cfm <cfapplication name="ttzed" clientmanagement="Yes" setClientCookies = "Yes" sessionmanagement="Yes" sessiontimeout="#CreateTimeSpan(0,0,30,0)#" applicationtimeout="#CreateTimeSpan(1,0,0,0)#"> <cfif NOT IsDefined("session.basket")> <cflock scope="Session" timeout="10" type="Exclusive"> <!--- Create the shopping basket ---> <CFSET session.basket = queryNew("PartID, PartNumber, ProductURL, Price, Quantity, saleDate, GroupBuy, Grouping")> </cflock> </cfif> ....... Now the index page is loaded which has various checks in it, but gets to a section that does an "action" check. (In this case defaults to "list" which causes the products_listing.cfm page to be included) <cfif NOT IsDefined("attributes.thispage")> <cfset attributes.thispage = "#GetFileFromPath(GetTemplatePath())#"> </cfif> <cfif NOT IsDefined("attributes.querystring")> <cfset attributes.querystring = "?"> </cfif> <cfset thisPage = attributes.thisPage> <cfset queryString = attributes.queryString> <CFCASE value="list"><!--- Product listing ---> <cf_products_listing action="list" thispage="#thispage#" querystring="#querystring#" dsn="#request.dsn#"></CFCASE> ........ On the products_listing.cfm page is a form : <cfoutput query="qryParts"> <cfform action="products_compilebasket.cfm" method="post" style="vertical-align: middle;" enablecab="No"> <td align="center" valign="middle" bgcolor="EBEBEB" class="greytext" style="vertical-align: middle;"> ......content to display product summary, image etc....... <input type="Hidden" name="Quantity" value="#dftqty#"> <input type="Hidden" name="PartID" value="#fldPartID#"> <input type="Hidden" name="PartNumber" value="#fldPartNumber#"> <input type="Hidden" name="Price" value="#tempPrice#"> <input type="Hidden" name="ProductURL" value="long winded URL here......"> <cfif grouping EQ 2> <input type="Hidden" name="GroupBuy" value="1"> <cfelse> <input type="Hidden" name="GroupBuy" value="0"> </cfif> <input type="Hidden" name="Grouping" value="#grouping#"> <input type="Hidden" name="action" value="Add to basket"> <br><input type="image" src="../images/add_to_basket.gif" alt="Add to basket" align="top" border="0" onClick="javascript:submit();"> </td> </cfform> </cfoutput> .............. Now to keep things simple on the products_compilebasket.cfm (where the form is submitting to) I have the absolute top of the page using this code : START Current list of IDs in basket (product_index):<br> <cflock timeout="30" throwontimeout="No" type="READONLY" scope="SESSION"> <cfloop query="session.basket"> <cfoutput> #session.basket.PartID#, </cfoutput> </cfloop> </cflock> START Current list of Quantity in basket (product_index):<br> <cflock timeout="30" throwontimeout="No" type="READONLY" scope="SESSION"> <cfloop query="session.basket"> <cfoutput> #session.basket.Quantity#, </cfoutput> </cfloop> </cflock> Then some code to check if product was already in the basket and if so, add new quantity to old one....otherwise add product etc..... <!--- Add product to query ---> <cfif action is "Add to basket"> <cflock scope="Session" timeout="10" type="Exclusive"> <!--- check to see if the product is in the basket already ---> <cfset productRow = listFind(valueList(session.basket.PartID), form.PartID)> </cflock> <hr> Product Row : <cfoutput>#productRow#</cfoutput> <hr> <!--- Product is in basket, update quantity ---> <cfif productRow neq 0> <cflock scope="Session" timeout="10" type="Exclusive"> <!--- determine the new quantity and the correct row ---> <cfset oldQuantity = listGetAt(valueList(session.basket.quantity), productRow)> <cfset newQuantity = form.Quantity + oldQuantity> <cfset tempValue = querySetCell(session.basket, "Quantity", newQuantity, productRow)> </cflock> Then the bottom of the page it has the same code as the top, outputing what the new value of session.basket.PartID is. Now.......the problem. Sometimes, you click to add a product to the basket that you know isn't in there yet (have code on previous page also outputting current value of session.basket) but "sometimes" when it does it's check, it finds the product ID already in the session.basket, and the output at the top of the page also list the product ID even though I know for a fact it hasn't yet been added. Now you could log the session out, reboot, whatever and do the exact same steps (same product, order of procedure etc) and this time it may or may not already fine the product in the list. And it just keeps doing this. Sometimes products appear in the session.basket output at the top of the page (where the code to add them hasn't even run yet!!) and sometimes they don't...and the rest of the page processes as per normal and adds them like it should. What keeps making this harder to track down is the fact it just appears to do it when it feels like it, sometimes not at all in a session, other times every single product will do it. Does anyone have any idea on what could be going on here? I have tried it on three different CF5.0 Pro machines and all have the exact same problem. Thanks for your help. Mark Picker [EMAIL PROTECTED] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. http://www.cfhosting.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
