|We don't bite newbies here... much|
Should I add shopping cart items to session table or create new table?by powerhouse (Friar)
|on Mar 23, 2003 at 18:46 UTC||Need Help??|
powerhouse has asked for the
wisdom of the Perl Monks concerning the following question:
Hello, I am using Apache::Session::MySQL to maintain sessions, and they last for 1 year, or until the user expires them. It places a cookie on their computer to track the session key, and it checks to make sure the cookie is present, if not, then it adds the session key to the url, and it's passed to every page.
With that said, I am about to add the Shopping Cart functions to our site. Should I create ANOTHER MySQL table to hold all the shopping cart items, OR Should I just put them in the session?
I don't know what would be best. I think that if it was in the session then it would be easier to maintain, and the session keys are pretty hard to guess, but since they are passed to EVERY page, in the event the user does not accept cookies, then it would be fairly easy for a hacker to sniff it out, and then just add the session key to their session, and take it over.
Also of note, however, is the fact that I'm using PayPal to process orders, so I don't maintain any financial data, so it would not benefit a hacker to hijack a session, since they could not get any finanical data anyways.
What would YOU do?
I would like to read about what you personally, as a perl guru or not, would do.
Title edit by tye