CGIs and Web Commerce

FORM-based Web pages and CGI are the key enabling technologies for Web Commerce.

Web sites can sell either tangible goods (merchandise) or content. Important issues include:

Marketing
getting customers to your site, and presenting and selling your product, ultimately convincing them to order something.
Ordering
typically managed by a shopping cart application, see next slide.
Order Processing
check order, verify payment, address, etc. Possibly send customer email confirmation.
Order Fulfilment
packaging, shipping, etc.


Shopping Carts

A shopping cart application is a CGI-based set of Web pages which allow a user to browse items, and add them to their "cart" at the click of a button.

The user can (usually) examine and modify the contents of their "cart". When they are ready, they move to a final "commit" page, where they finalise the ordering process, with (for example) a credit card number, shipping address and an email contact address.


State Maintenance - Hidden Fields

A shopping cart application is more difficult to implement than it may seem. Because the HTTP protocol is stateless, a Web server regards every connection as entirely new, with no relationship to any previous or future connections.

However, a shopping cart application requires persistent state maintenance - each HTML page sent contains information derived from earlier pages.

A hidden field within a form is the simplest way to maintain state. A hidden field is like any other FORM entity; it is simply not displayed by the browser. It can be inspected using, for example, the "View Source" option of the browser.


State Maintenance - Cookies

Whilst hidden fields are a simple technique for state maintenance, they are not a general solution. A cookie is a small piece of information which a server can store "within" a Web browser. For example, the following segment of Perl CGI code sends a cookie:
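# Header lines; the blank line produced by "\n\n" ends the HTTP headers.
print "Content-type: text/html", "\n";
print "Set-cookie: MeLove=Cookie%20Monster", "\n\n";
# The body of the page follows the headers.
print ".....rest of Web page\n";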
This stores "MeLove=Cookie Monster" with the browser. The following Perl CGI code reads a cookie:
print "Cookie:", $ENV{'HTTP_COOKIE'}, "\n";
Each cookie can have several extra attributes:

Name=Value
this attribute is compulsory, and more than one is allowed. Both "Name" and "Value" can be any ASCII string.
expires=DATE
defines the lifetime of the cookie. Default is the current browser session.
domain=DOMAIN
an Internet domain name to which this cookie may be sent.
path=PATH
defines the subset of URLs within a domain for which this cookie is valid and may be sent.
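Both hidden fields and cookies are held by the browser, so the server should treat whatever comes back as user-supplied input. The following added example (not part of the original lecture) makes cart state tamper-evident by appending an HMAC before it is sent as a cookie or hidden field; the names seal_cart, open_cart, $SECRET and the "cart" cookie are assumptions made for illustration, and Digest::SHA is a core Perl module.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumption: a server-side secret that is never sent to the browser (placeholder value).
my $SECRET = 'replace-with-long-random-server-secret';

# URL-style escaping, so '~', '=' and '.' can act as unambiguous separators.
sub escape   { my $s = shift; $s =~ s/([^A-Za-z0-9_-])/sprintf('%%%02X', ord $1)/ge; return $s }
sub unescape { my $s = shift; $s =~ s/%([0-9A-Fa-f]{2})/chr hex $1/ge; return $s }

# Serialise the cart as key=value~key=value and append ".<HMAC-SHA256 of that text>".
sub seal_cart {
    my (%cart) = @_;
    my $body = join '~', map { escape($_) . '=' . escape($cart{$_}) } sort keys %cart;
    return $body . '.' . hmac_sha256_hex($body, $SECRET);
}

# Return the cart as a hash reference, or nothing if the value fails verification.
sub open_cart {
    my ($sealed) = @_;
    my ($body, $mac) = ($sealed // '') =~ /\A([^.]*)\.([0-9a-f]{64})\z/ or return;
    my $expect = hmac_sha256_hex($body, $SECRET);
    my $diff = 0;   # compare every character so timing does not reveal the first mismatch
    $diff |= ord(substr $expect, $_, 1) ^ ord(substr $mac, $_, 1) for 0 .. 63;
    return if $diff;
    my %cart = map { my ($k, $v) = split /=/, $_, 2; (unescape($k) => unescape($v // '')) }
               split /~/, $body;
    return \%cart;
}

# Constructed demonstration: seal a cart, then verify the genuine value and an altered copy.
my $sealed = seal_cart(widget => 2, 'gift wrap' => 'yes');
print "Set-cookie: cart=$sealed; path=/\n";                      # cookie form
print qq{<input type="hidden" name="cart" value="$sealed">\n};   # hidden-field form

(my $altered = $sealed) =~ s/widget=2/widget=200/;                # state changed after it left the server
for my $value ($sealed, $altered) {
    my $cart = open_cart($value);
    print $cart ? "accepted: widget x $cart->{widget}\n" : "rejected: state was modified\n";
}
```

The MAC only detects modification; the cart contents remain readable in the browser, so anything confidential belongs in server-side storage.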


Security and Cookies

Cookies have caused a great deal of debate. The following are some of the issues:

Some sites with useful information on cookies include:


CGI and Database Integration

A shopping cart application almost certainly needs a "back end" database to store product and inventory information, as well as transaction records of purchases, etc. There are several options:


Java (and JavaScript) Applications in E-Commerce

The Java and JavaScript languages execute programs or applets in the browser. However, since not all browsers will necessarily have this functionality, it's doubtful whether a Web Commerce system should utilise them. Nevertheless, they can be useful:


Web Transaction Security

There are several aspects to security in Web Commerce:

Site Certificates
issued by a trusted service, these digital signature-based certificates are sent by a server to prove that it is who it purports to be; that is, that it really is (eg) http://amazon.com and not http://hackers-r-us.com masquerading as them.
Secure Sockets Layer
SSL is a public key encryption system. A server can publish its public key in association with its site certificate. The public key can then be used to communicate securely. You can tell if a server uses SSL for a document if the URL starts with https://... Also, if you're using Netscape, the little "key" icon will appear in one piece. On the other hand, encryption is computationally heavy, so it's typically not used for normal Web pages.

There's an excellent "white paper" on this stuff at:

http://search.netscape.com/newsref/ref/128bit.html


This lecture is also available in PostScript format. The tutorial for this lecture is Tutorial #23.
Phil Scott