Definitely keep the shopping cart separate from the session. Transient data like the user's ID and login status go in the session. Data that applies to multiple users or lasts longer than the current browsing session never goes in the session.
By the way, cookies are not more secure than URLs. They are passed as plain text, and anyone who has access to sniff packets on the user's local network can grab and use either. Cookies are passed (from the client) on every request.
If you want sessions that are more than just "hard to guess", use an MD5 hash with a secret password on your side as part of the cookie, to verify that the cookie data actually came from you. This does not prevent people from sniffing the cookie off the wire, but it does prevent them from using a brute force attack to guess a valid session ID.
-
Are you posting in the right place? Check out Where do I post X? to know for sure.
-
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big>
<blockquote> <br /> <dd>
<dl> <dt> <em> <font>
<h1> <h2> <h3> <h4>
<h5> <h6> <hr /> <i>
<li> <nbsp> <ol> <p>
<small> <strike> <strong>
<sub> <sup> <table>
<td> <th> <tr> <tt>
<u> <ul>
-
Snippets of code should be wrapped in
<code> tags not
<pre> tags. In fact, <pre>
tags should generally be avoided. If they must
be used, extreme care should be
taken to ensure that their contents do not
have long lines (<70 chars), in order to prevent
horizontal scrolling (and possible janitor
intervention).
-
Want more info? How to link
or How to display code and escape characters
are good places to start.
|