A session should be used to store session information. What is session information? It's anything that has to do with the current session. If your session is a shopping cart, it's whatever you want to do with the shopping cart, like productID, name, and price.

Now, the security of this session is as good as the security of your database, because it's stored in the database. None of it is exposed to the user beyond the exposure your database has to the user. Which, in most cases, is good enough.

I wanted to use sessions instead of the database to minimize unnecessary database calls, is this really an issue?

I don't know - have you seen an issue? In 99.999% of all situations, rearranging code to minimize X is a bad plan, because X isn't a problem. For example, let's say that by having the maximum number of database calls, your pages return, on average, in 3 seconds. Is 3 seconds a problem? I don't think so ...

Now, let's say that you can rearrange your code, making it harder to work with, and shave 50% off of your database usage. You end up taking twice as long to make a change, but your database time is down by 50%. Since database calls, in my experience, usually account for either 20% or 80% of the total time most applications spend on a request, you either saved 10% or 40%. This brings your 3s response time to 2.7s or 1.8s. Even in the best case, I don't think most users will even notice you did anything.

Now, database call optimization can be important, but only when you start receiving above 3-5 requests per second. Anything below that is easily handled by most modern databases, including MySQL, when running on most modern machines.

I don't want a growing shoppingcart table, Tanktalus had a good point considering if this data could be of any interest?

Do you want to know what people are buying? Do you want to know when they're buying it? Do you want to know who bought what? Most retailers would kill for this information, but you're not sure. Riiiight.

For example, let's say you have a product ABC. ABC seems to be purchased almost exclusively between 10pm and 3am. So, maybe you want to start targeting users that log in during those times and mentioning "You might want to look at product ABC." Or, you might want to do something like Amazon does - "People who bought ABC also bought these items".

This is the heart of your store, man! You lust for this information. Plus, you might be legally required to gather this information, depending on where you are and what you're selling. For example, if you sell some items that are age-restricted and some that aren't, you may have to prove that all the age-restricted items were purchased by users that had verified their age in some fashion. The only way you can do that is if you have a complete history of all purchases.

And, if you have that complete history, you can do neat things like provide copies of receipts for a dollar. :-)

Being right, does not endow the right to be rude; politeness costs nothing.
Being unknowing, is not the same as being stupid.
Expressing a contrary opinion, whether to the individual or the group, is more often a sign of deeper thought than of cantankerous belligerence.
Do not mistake your goals as the only goals; your opinion as the only opinion; your confidence as correctness. Saying you know better is not the same as explaining you know better.


In reply to Re^2: Code Design Issues by dragonchild
in thread Code Design Issues by boboson
