Hello, I am using Apache::Session::MySQL to maintain sessions, and they last for 1 year, or until the user expires them. It places a cookie on their computer to track the session key, and it checks to make sure the cookie is present; if not, then it adds the session key to the URL, and it's passed to every page.

With that said, I am about to add the Shopping Cart functions to our site. Should I create ANOTHER MySQL table to hold all the shopping cart items, OR should I just put them in the session?

I don't know what would be best. I think that if it was in the session then it would be easier to maintain, and the session keys are pretty hard to guess, but since they are passed to EVERY page, in the event the user does not accept cookies, then it would be fairly easy for a hacker to sniff it out, and then just add the session key to their session, and take it over.

Also of note, however, is the fact that I'm using PayPal to process orders, so I don't maintain any financial data, so it would not benefit a hacker to hijack a session, since they could not get any financial data anyways.

What would YOU do?

I would like to read about what you personally, as a Perl guru or not, would do.

thx,
Richard

Title edit by tye


In reply to Should I add shopping cart items to session table or create new table? by powerhouse
