[thelist] site appraisal

Chris Johnston fuzzylizard at gmail.com
Thu Mar 31 10:06:03 CST 2005


On Thu, 31 Mar 2005 15:37:24 +0100, Sales <sales at lycosa.co.uk> wrote:
> 
> Hi,
> 
> I would like your opinions of my latest site
> http://www.onlinekitchenware.co.uk
> 
> It is the first full-fledged commercial shopping cart application I have
> completed, and I would like some feedback on usability, design and cross
> browser compatibility.
> 

A few comments on your site.

1. I was able to change the basket ID and view other people's
baskets. This was after I added things to my own basket. After making
the change, when I clicked on the View Basket button, nothing came up
in my shopping cart even though I had added things to it.

2. For the quantity of an item in my basket, if I enter a negative
number, I am neither notified of what I have done nor does it remove
the item from my basket.

3. There is no way of removing an item from my basket.

4. If I change the SID on the URL variable and click enter I am able
to view other people's shopping carts.

With the exception of #3, I would consider all of the above to be
possible security risks.

How are you managing sessions on your site? I keep losing my shopping
cart. If I manually change the URL in the address bar of my browser in
any manner, I get a new SID and a new shopping cart. In just checking
out your site, I think I am on my 5th SID. And yet I am using the same
browser and have yet to actually leave your site. Something major is
wrong here.

You cannot tie your entire session management to putting the SID into
the URL. You need to carry this forward using some other method such
as cookies.

-- 
chris johnston

www.fuzzylizard.com

"For millions of years, mankind lived just like the animals and
something happened which unleashed the power of our imagination, we
learned to talk."
Pink Floyd
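
An added example, not part of the original post and not the site's code: one way to address points 1, 2 and 4 above is to carry an unguessable session id in a cookie, look the basket up server-side from that cookie only, and validate quantities on the server. The function names, the in-memory store and the 999 quantity cap are assumptions made for the illustration.

```python
import secrets
from http.cookies import SimpleCookie

# Server-side state (in-memory for the demo): session id -> {item_id: quantity}
BASKETS = {}
MAX_QTY = 999  # assumed upper bound, not from the original post

def start_session():
    """Create a session with an unguessable id; return (sid, Set-Cookie value)."""
    sid = secrets.token_urlsafe(32)
    BASKETS[sid] = {}
    cookie = SimpleCookie()
    cookie["sid"] = sid
    cookie["sid"]["httponly"] = True   # not readable from page scripts
    cookie["sid"]["secure"] = True     # only sent over HTTPS
    cookie["sid"]["samesite"] = "Lax"
    cookie["sid"]["path"] = "/"
    return sid, cookie["sid"].OutputString()

def basket_for(cookie_header):
    """Resolve the basket from the Cookie header only.

    No basket id or SID is ever read from the URL, so editing the address
    bar cannot select another customer's basket or reset the session.
    """
    cookie = SimpleCookie()
    cookie.load(cookie_header or "")
    morsel = cookie.get("sid")
    if morsel is None or morsel.value not in BASKETS:
        return None  # missing or unknown session: caller issues a fresh one
    return BASKETS[morsel.value]

def set_quantity(cookie_header, item_id, raw_qty):
    """Validate quantity server-side: 0 removes the item, negatives are rejected."""
    basket = basket_for(cookie_header)
    if basket is None:
        return "no-session"
    try:
        qty = int(raw_qty)
    except (TypeError, ValueError):
        return "invalid-quantity"
    if qty < 0 or qty > MAX_QTY:
        return "invalid-quantity"  # tell the user instead of silently ignoring
    if qty == 0:
        basket.pop(item_id, None)
        return "removed"
    basket[item_id] = qty
    return "ok"
```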

