A session id should not be much more than a key used to get state information kept on the server side. Common ways to implement this are:

Cookies
Pretty standard, supported by most (current?) browsers although disliked by some users. Tend to remain in the computer, so this may be an issue with users in public access terminals.
Hidden (or not so) variables
Usually complicate your design and may get in the way. A variant, using visible variables with the GET method can be problematic if the user bookmarks the page (the variable will stay with the link forever).
Mangled URIs
Similar to exposed GET HTTP variables, this technique consists in mangling the URI to keep there the session id.

(I may have left some other way outside of this node). Keep in mind that it should be as hard as possible/practical to guess the value of another user's session id. In your case, this may lead to leaked user information or tampered carts.

If you configure it properly with mod_usertrack, Apache will supply a good enough cookie to your users, which you may use for referencing the data you keep on the server side. This of course, requires users to accept your cookies.

You'll find modules such as Apache::Session to be of help, although looking at your question, I wonder if following the CGI::Application path wouldn't be a better choice.

As implied by my above statements, never use the session id to directly store the information you want to preserve. By its nature, the session id comes and goes from the client to the server and back. Not following this advice, may lead to compromised customer information (the session info you kept in the id) or even succesful attacks against your web application, as an attacker may forge the contents of the session id. Sorry if you already knew this or if I sound alarmist, but in my line of work, I find this mistake over and over again.

Best regards

-lem, but some call me fokat

In reply to Re: using session ids by fokat
in thread using session ids by Anonymous Monk

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.