I have a checkout process that has the following stages:
I use PHP session variables to store information along the way and I check these session variables exist throughout the buying process as the user proceeds with their purchase. I also have some code in place to stop users being able to hit the customer, payment or order confirmation page directly as this would mean they haven't obtained a quote on the results page and wouldn't have set the relevant session variables.
The problem:
It seems users who are getting quotes on tablets and smart phones are doing a lot of price comparison with other websites and leaving our site open in a tab. But the behaviour of such devices is different to desktop browsers.
It seems that if you leave a tab open and then go to another app, or load lots of other webpages, that when you try to return to a previous tab, the device will either:
And there is the problem. If someone is on my customer page or payment page, and the URL gets a fresh hit, the session doesn't appear to exist and my code thinks someone is hitting the page for the first time, which throws a friendly error message to my customers saying to please restart their quote.
Is my system badly designed? Does anyone have any suggestions how I can get round this? I really need a way to allow customers to sit on a customer details stag or payment stage, maybe for a couple of hours and then be able to complete the buying process.
Should I be using sessions, cookies and database - or a combination?
Your problem can only be reliably solved by using cookies. PHP can store its session variable in a cookie and read all relevant session parameters internally by the value the session cookie has.
So instead of an URL session you get a cookie session.
just use session_start() at the top of each of your PHP files or if you have a main object that always gets loaded first(for example index.php) place session_start() there.