Instead,
we'll use SSL over HTTPS connections. We'll take the TShirtShop application to the point where
we can implement a back-end order pipeline in Chapter 18.
In this chapter, you'll learn how to
• Store customer accounts
• Implement the security classes
• Add customer accounts functionality to TShirtShop
• Create the checkout page
CHAPTER 16
Storing Customer Accounts
You can handle customer account functionality in web sites in many ways. In general, however,
the methods share the following features:
• Customers log in to access secured areas of the web site.
• Once logged in, the web application remembers the customer until the customer logs
out (either manually via a Log Out link or automatically if the session times out or
a server error occurs).
• All secure pages in a web application need to check whether a customer is logged in
before allowing access.
First we'll look at the general implementation details for the TShirtShop e-commerce site.
The TShirtShop Customer Account Scheme
One simple way to determine whether a customer is logged in is to store the customer ID in
the session state. You can then verify whether a value is present at the start of the secured
pages and warn the user if not. The login form itself can then authenticate the user and store
a value in the session state if successful, ready for later retrieval.
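One way to implement the scheme described above, as an added example that is not the book's own code: the login handler stores the customer ID in the session, and every secured page calls a guard before producing output. The function names, the `/login.php` path, and the sample account are assumptions made for illustration.

```php
<?php
// Added example: session-based customer login check (all names are hypothetical).

// Constructed sample account store; a real site would query its customer table.
function find_customer(string $email): ?array
{
    static $customers = null;
    if ($customers === null) {
        $customers = ['alice@example.com' => [
            'customer_id'   => 42,
            'password_hash' => password_hash('correct horse', PASSWORD_DEFAULT),
        ]];
    }
    return $customers[$email] ?? null;
}

// Login form handler: authenticate, then store the customer ID in the session.
function log_in(string $email, string $password): bool
{
    $customer = find_customer($email);
    if ($customer === null || !password_verify($password, $customer['password_hash'])) {
        return false;
    }
    session_regenerate_id(true); // fresh session ID on login, so a pre-set ID is useless
    $_SESSION['customer_id'] = $customer['customer_id'];
    return true;
}

// Call at the top of every secured page, before any output is sent.
function require_login(): int
{
    if (!isset($_SESSION['customer_id'])) {
        header('Location: /login.php'); // hypothetical login page
        exit;
    }
    return (int) $_SESSION['customer_id'];
}

// Log Out link handler: forget the customer and discard the session data.
function log_out(): void
{
    $_SESSION = [];
    session_destroy();
}

// Send the session cookie only over HTTPS and keep it away from page scripts.
session_set_cookie_params(['secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
session_start();
```

Because the guard relies on `header()`, it must run before the page emits any HTML.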