Thursday 24 January 2013
Question:
- Let’s
suppose Virtual E-Mart is the leading online shopping cart company
or web application. They maintain the prices for its each sale item
(dresses, shoes, handbags and wallets) in shopping cart.
- They provide
special discounts for users based on their past purchases using this online
shopping cart. They offer them a special discount ranging from 25%-35% when
a user purchases 8 or more items within six months.
- They also
offer a pair of any shoes as a gift, when a particular user purchases 5
sets of clothing at a time.
- When a user
purchases 20, 30 or 50 items he becomes a “lucky user” and they provide
him silver, golden and diamond view.
- In each view
users are shown the latest design of those items which they like the most
but not yet advertised in normal view.
Understand the scenario given above and answer the following
question.
1. Which technique of session tracking Virtual
E-Mart should use to keep track of users? Also give reason for choosing the
technique for the above mentioned features? (5)
2. If they maintain their systems fields
like “prices of items” without using any form of validation. What will be the
threat?(5)
3. If they use hidden fields to store
information of user for session tracking.
For example, instead of using HTTP Basic
Authentication, developers sometimes embed the username and password provided by the user as hidden fields in all the forms
in which user fill information to purchase
an item.
Give one advantage and one disadvantage of
using hidden fields in this scenario .(5)
