E-Commerce Solutions: An Apache Overview
May 31, 2000, 14 :02 UTC (9 Talkback[s]) (12123 reads) (Other stories by Martin C. Brown)
Editor's Note: With this column Martin C. Brown begin his regular coverage of Apache and E-Commerce. This initial column maps out the burgeoning area of E-Commerce and what every Apache Webmaster needs to know about implementing E-Commerce on their site.
If you go up to any IT professional and ask them what the hottest Internet buzzword is right now, they'll tell you its E-Commerce. But if you ask them what the term means you'll get a range of different answers. Most people will agree that it refers to some form of selling on the Web, others will classify it as a way of communicating more intelligently with users on a business level. Whatever the real classification of the term, it definitely indicates a better use of the Internet as a tool for making money.
To me this means more than a shop selling the latest CDs and DVDs, or even a portal site like Computer Shopper. E-Commerce also covers the service-based industries like the banking and the ability to pay your utility bills, all through the same web interface. The terms Intranet and Extranet have been around for a long time, and are nothing new, but E-Commerce is beginning to add a new dimension to a previously information only service. In fact, one of the biggest growth areas is in the business to business arena, where the use of E-Commerce technologies is allowing people to big on projects, exchange information, and work more cooperatively.
So, E-Commerce is the buzzword, but how do you actually produce an E-Commerce site?
Well, beyond the obvious elements of an idea and a product or service to sell, you'll need to solve some problems related to identifying and communicating not just with users, but also with the databases and other information sources that go to make up your site.
Here's a quick guide to some of the issues facing the E-Commerce developer that we'll be covering in future articles:
Whatever you're E-Commerce site aims to achieve, it's always useful to be able to track the user as they click through your site. Not only does it provide you with the hooks to provide customized solutions to individual users, it can also help you monitor which parts of your site your users really use. Session managment requires a simple suite of tools that support the creation of unique session ids, expiring old sessions and logging and tracking the session data.
Cookies provide a possible solution to the session management problem that goes far beyond a single user visit. Cookies reside in the user's browser and allow the user to be automatically identified by the site. They can also be used to store other information, including a list of the user's purchases or their display preferences. Using and managing cookies though can be complex, and you'll need to find ways round the problem of users who wont accept cookie data.
Template Driven Pages
Ignoring the issues of executing scripts on your website, you also need to provide a consistent interface between all of your pages. Even simple things like logos and copyright statements will need to be included into your pages. Adding this information manually to the end of each page is a nightmare - especially if you have to change it. It gets even more complex when you mix and match static pages and scripts.
There are a number of solutions including SHTML, a custom built engine for Perl or Python, or an embedded solution like PHP. SHTML, server-parsed HTML, allows you to embed other documents into an HTML page as it's being shared to other users. It only works on static pages, so you also need to develop your own system when using a scripting language. SHTML is also fairly limited, so when using it with a scripted solution you might also want to embed dynamic information, or even dynamically select an embedded element.
You probably think that all your sites will be script driven, but this won't always be the case. In fact, there are advantages to using some static pages and some of the less interactive facilities such as offered by Apache. If you decide to go the scrip- driven route you need to pass information between pages and know how to optimize your Apache server to prevent your users experiencing the world wide wait.
Unless you have a very simple site you'll need to interface to database to supply the information your either going to sell, or that you will use to sell your products. Actually talking to your database is probably the least of your worries; you'll also need to think about where the database resides, what software to use and how to manage your connectivity to the database. Keeping databases open improves performance, but may also tie up connections you'll need for future users. And what happens when a database process fails?
If your site is selling products or services then you need to keep track of the products your users have purchased. The real question is how--you could use hidden fields between pages, but that's prone to errors, and won't be stored if the users goes to another site but for short processes can be easier to manage. Cookies are seen by some users as a security blackhole, and sessions imply a reasonable overhead on your applications, but they all support the ability to perform sophisticated transactions.
Credit Card Authorization
For services that require instant payment you'll need to accept a credit card number and validate it before telling the user their purchase has been approved. But how do you accept the payment and authorize the card to ensure your not breaking the law? Furthermore, how do you avoid giving away products without getting any payment?
Security and Secure Communications
Very few people are going to be happy about giving away their name and address to a site that doesn't use secure communication. Apache supports secure HTTP communication but you still need to provide a conduit between the insecure and secure side of your site. Once you've got the information you also need to ensure that the information is safe on your site--taking secure details is great, but pointless if you leave the machine wide open to attacks.
Returning Non-Standard Data
Internet-based software delivery is probably one of the future hot topics for the next generation of E-Commerce service. The ability to visit a site and purchase and download the software package is nothing new, but with broadband services coming on line it may become the normal method of software delivery. Making the software downloadable from an FTP or HTTP site is not secure; once the URL is known anybody could download.
By using some scripting tricks and other techniques to verify the user you can supply the software dynamically, only when the correct payment has been received. Other solutions can use the same basic process--dynamically selected or created graphics, audio files, even customized software can be transmitted using the same principle.
Creating Graphics on the Fly
Years ago I worked with Hewlett-Packard on the first online-configuration and pricing system on the Web. Now they are ten a penny, but something that we worked that has never made it to the big time is the ability to build a representation of what the final machine will look like. Using some of the tools available today it's possible to draw a picture within a script and then supply the information directly back to the browser.
Development and Production Servers
No matter what platform you are working on, or what type of site you are working on, having two different servers, one for development and the one that actually hosts the site. Keeping the two sites separate is not a problem, but making sure that you can easily and painlessly move your development server data to the real server requires some careful planning and a few tricks.
Error Handling and Debugging
Making sure that you don't provide your uses with a 404 message, or that your script doesn't produce a useless result is vital if you want to keep the professionalism of your site at it's highest level. Apache provides its own solutions, but you also need to make sure your scripts are as clean and bug-free as possible, which can be difficult when your only means of monitoring the script is with a combination of the Web interface and the error files produced by Apache.
Parsing Apache Logs
Even with the addition of sessions and cookies, you still need to be able to read and parse the log files that Apache produces to monitor your web site's usage, performance, bottlenecks, and errors. There are many ways of doing this, from custom-built solutions, to free analyzers like Analog, and even commercial systems like Funnel Web. They all provide similar functionality, but you still need to know how to use the information they output to ensure the best availability for your site.
For this series of articles we'll be covering all these issues, and many more, in terms of Apache and the scripting languages like Perl, Python and Rebol, and solutions like Zope and PHP.
If there's a product or solution that you've been looking for to do with E-Commerce then just drop me a line at and we'll see what we can do!
Martin C. Brown is a full-time writer and consultant specializing in multiplatform integration and internet technologies. He is author of both the Perl and Python Annotated Archives and Perl The Complete Reference.