Flutterby™! : Shopping Cart Gripes


Shopping Cart Gripes

2004-07-06 11:59:47.325764+00 by meuon 11 comments

I'm working on a generic small business shopping cart system for my own reasons, mostly that I have some time to do it right, and a couple customers that want a good system, but are not picky about it, save that it works well. I'm looking for intelligent feedback:

For example: I despise having to remember a login/password to a site that I'll maybe use once in 6 months. I don't, and then I have to retrieve a password to order again. I like it when the shopping cart is displayed on the main site pages as I shop, so I know what I ordered (and sometimes what I didn't).

What is your favorite feature or what do you not like about shopping carts/ordering systems?

[ related topics: Work, productivity and environment ]

comments in ascending chronological order:

#Comment Re: made: 2004-07-06 14:01:43.408612+00 by: Shawn

I'll second your gripe about registering (login/password) to use a cart. It's not uncommon for this to be enough for me to decide that I really didn't need that product/service right now anyway.

Another gripe, although it's less common now, is forms that don't remember your data when they kick you back for forgetting a field.

I like to print out a copy of the receipt for our records, so a print-friendly confirmation is always nice. I'm never sure if I'm going to get a confirmation page with complete information, though, so I often wind up printing the "check to make sure everything is correct" page as well. A mention of what I can expect on the confirmation page would be helpful.

Also, we never got around to implementing it, but a client once indicated that they wanted some kind of "step X of Y" notification on each page.

#Comment Re: made: 2004-07-06 14:57:09.167108+00 by: flushy

It's not enough to just save their login/pass combo in a cookie. Even if you md5 it, it's still not safe enough. Use php or perl's encrypt functions to save your login/pass data. You'll be using a symmetric key, and the key would be in the php code, but it's safer than not using encryption at all in the cookie. If you want to get fancy, use the openssl seal and unseal() functions which use public/private key pairs to encrypt the data. Your only limitation is the size of the key defines how much data you can encipher. A login/pass can easily be stored with a 1024-bit key (128 bytes).

Also, make your logins based on the email address. It's easier to remember. Also, don't forget to include an EASY way to send them a password reminder. I also like the sites that offer "answer your special question" to reset the password - which emails a random password to the person. Thus, you are never actually revealing their true password in plain text.

Oh!! Even if you're not using https for the cart until the very end (where they plug in their cc info), at LEAST use https for the login process. It prevents prying eyes from seeing the initial pass/login exchange.
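
Added example, not part of the thread: one way to build the symmetric-key cookie discussed in the comment above, using libsodium's `secretbox` (bundled with PHP 7.2+), which encrypts and also detects tampering. As a deliberate difference from the comment, it seals only the account email and an expiry time rather than the password; the function names, payload layout and 14-day lifetime are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration; function names, payload layout and lifetime are assumptions.
const REMEMBER_TTL = 14 * 24 * 3600; // constructed lifetime: 14 days

/** Seal the account email and an expiry time into a cookie value. */
function seal_remember_cookie(string $email, string $key, ?int $now = null): string
{
    $now = $now ?? time();
    $payload = json_encode(['email' => $email, 'exp' => $now + REMEMBER_TTL], JSON_THROW_ON_ERROR);
    // Fresh random nonce per cookie; secretbox both encrypts and authenticates.
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return base64_encode($nonce . sodium_crypto_secretbox($payload, $nonce, $key));
}

/** Return the email if the cookie is intact and unexpired, otherwise null. */
function open_remember_cookie(string $cookie, string $key, ?int $now = null): ?string
{
    $now = $now ?? time();
    $raw = base64_decode($cookie, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        return null; // not valid base64, or too short to hold nonce + MAC
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $payload = sodium_crypto_secretbox_open($box, $nonce, $key);
    if ($payload === false) {
        return null; // cookie was modified, or sealed under a different key
    }
    $data = json_decode($payload, true);
    $ok = is_array($data) && is_string($data['email'] ?? null) && is_int($data['exp'] ?? null);
    return ($ok && $data['exp'] >= $now) ? $data['email'] : null; // null if malformed or expired
}

// Constructed demo: the key is generated here; a real site loads it from server-side config.
$key = sodium_crypto_secretbox_keygen();
$cookie = seal_remember_cookie('shopper@example.com', $key, 1000);
var_dump(open_remember_cookie($cookie, $key, 2000));                    // intact cookie
$tampered = $cookie;
$tampered[40] = $tampered[40] === 'A' ? 'B' : 'A';                      // flip one character
var_dump(open_remember_cookie($tampered, $key, 2000));                  // tampered cookie
var_dump(open_remember_cookie($cookie, $key, 1000 + REMEMBER_TTL + 1)); // expired cookie
```

The key never leaves the server, so rotating it invalidates every outstanding cookie at once.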

#Comment Re: made: 2004-07-06 15:28:45.060981+00 by: Dan Lyke

In a perfect world, I like the option of transferring a shopping cart to someone else. For instance I might configure a computer or set up a components order online, and then transfer that to someone in another office for the actual purchase.

I want to explicitly opt-in to having my browser remember anything critical to completing the order. We've had at least one incident with the cleaning staff here at work where I just don't want any passwords, credit-card info or long-term cookies saved on my browsers on my desk. "1-click" is a big no-no.

Shopping carts should be persistent for days rather than hours. Sometimes I'll pop up a window and browse casually, not actually deciding to order for a few days; companies have lost me when I've come back after lunch and they've told me my session expired.

I'd love the ability on the Digi-Key site to remember a list for a given component, be able to tell it to buy parts for 5 of this device and 4 of that device, and then adjust each component depending on price breaks and stock on hand (ie: ordering resistors in singles rather than hundreds is absurd, so I'd love to say "give me enough for 10 motor controllers, but delete the resistor parts, and give me 50 of the driver transistors rather than 40 because there's a good price break there").

#Comment Re: made: 2004-07-06 15:42:15.518907+00 by: meuon

Good comments, like: the 'step x of y' - I like that also.. And Dan, the Digi-Key features may be beyond my current scope, but I'm scratching my bald head. Security is a real concern, so far, I'm refusing to store payment data beyond the order processing. Just not worth the risk on a system where the SQL server and the website are on the same machine (for now).

#Comment Re: made: 2004-07-06 16:49:56.566308+00 by: Diane Reese

I absolutely understand the security concerns, but I hate hate hate having to re-re-re-register my credit card for a site I visit regularly... or even not so regularly! I love love love it when I head for checkout and discover, "Oh wow, look, the last time I was here I must have dug out my purse and found that stupid credit card and typed in the number, and they remembered it for me, even after all that time, so I don't have to do all that crap again! Excellent!" Perhaps offer the purchaser an option to remember the card info (with some "what this might mean to your security" notice somewhere?)?

(Re Cleaning staff problems: turn off the machine at night, or insert a screensaver password.)

#Comment Re: made: 2004-07-06 17:13:35.506109+00 by: Dan Lyke

In both Mozilla and Opera you can remember values typed in to a form for future retrieval. And I've no problem with a site remembering such information, it should just ask me first.

(Although, as Meuon points out, this is much better done as a part of the client than on the server. Lots of credit card theft has happened because of unsecured servers.)

Of course I also find that I quickly remember my credit card numbers if I do enough online purchasing with 'em.

Screen saver password is probably the right thing, I was trying to log off, but occasionally I'll want to save the state of my desktop overnight.

#Comment Re: One computer, two users made: 2004-07-06 18:21:36.196084+00 by: DaveP

One of my biggest complaints about shopping carts in general is that almost all of them make it nearly impossible to have one computer, one human, but two "accounts". For example, I have both a personal and a business account at amazon.com and use them about equally often. But Amazon makes it easy to switch between the two credit cards and shipping addresses, so I never notice the hassle.

Paypal, on the other end of the scale, SHUT DOWN my "business" account when I opened a "personal" account with them. That was over 18 months ago, and I haven't done any business with them since (though I only closed the account this past winter).

#Comment Re: made: 2004-07-06 19:53:39.586641+00 by: meuon

PayPal will now allow you to have TWO accounts, one business and one personal, with different bank/cc info. Very useful for testing!

PayPal is an interesting system and I have some unique experience using them for a gooey (not quite slimy) customer. I had (control of) three verified biz accounts with them and thought they would hit the roof when I moved one dollar from account to account over and over again in testing.. nada. Then I wrote a program to test what their threshold was/is - I moved the same dollar in round robin over 1000 times in about 12 minutes, using their IPN to trigger the next transfer. Nothing. Nil. (Their IPN/Instant Payment Notification gateway is very useful, worth using, and I will be using it as an option in this and future systems.) Then, in real business mode we moved $900k over the next two weeks using this system, to and from about 700 paypal accounts. No issues. During this same two weeks, we collected $14k in an account used for collecting our 'application hosting fee' - We got exactly TWO complaints sent to PayPal by mentally deficient morons who paid $49.00 via paypal after two screens of who/what/why/policies.. including a money back policy and PayPal froze the account (with $6k in it) and contacted the FTC. It's now waiting for further investigation while PayPal sits on the $6k until resolved. Lesson: Withdraw your PayPal balance every day!

#Comment Re: made: 2004-07-11 18:46:50.911934+00 by: concept14

Broken Javascript that only works in IE.

Sites that don't work unless you enable 3rd party cookies.

Searches that purport to offer an "exact title" option but still show you everything in the catalog that contains the words you entered. One of the used book dealers drives me nuts with this when I search for a title that consists entirely of common words.

#Comment Re: made: 2004-07-14 02:19:03.100103+00 by: concept14

Also: Pictures that show more detail of the satisfied customers than they do of the actual product.

Stupid browser sniffing that only recognizes IE and Netscape. Ebay used to think that Opera was a mobile phone!

Screen size tyrants.

If the site accepts PayPal, that is like a great big blinking neon sign that says "Small Time Operator."

#Comment Re: made: 2004-07-15 11:27:15.953741+00 by: meuon

Concept14, Good first 3 comments, Thank You! Just like Dan's discussion of Genres, PayPal hits a certain, very large, market. If PayPal is the ONLY option, you are correct. I now believe that it should be one of the options. If for no other reason than PayPal allows people without credit/debit cards to purchase things. Even I keep a couple of hundred in a PayPal account to buy things, mostly from vendors I would not want to have access to my credit card.