Brother Monks:
Here's something I've meditated on, but seem no closer to enlightenment:

Say someone is shopping in a cookieless store, one that encrypts and stores session id info in the URL.

What if that shopper is looking at an item, and thinks "Joe Blow would really like this!" and copies and sends the URL to Joe Blow. Now the session information that allows the creation of a shopping cart is in the URL sent to Joe Blow. What's the best way to avoid Joe Blow having access to the original shopper's cart?

Having the temporary id that's sent in the URL expire after an hour or so would break the cart for the legitimate shopper, unless you had them log in before shopping to establish a relationship with the session id. I don't think that's a very elegant solution, and I could see security problems.

The way I'd really like shopping to work is it's anonymous, until the shopper wants to "check out." I think that's a better experience.

Putting a "recommend this item to a friend" button with the session id info stripped is only a partial solution; it doesn't fix the fundamental problem.

IP addresses obviously won't work.

What are some of your ideas?


In reply to The sound of one cookie (not) authenticating by Hero Zzyzzx
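The "recommend this item to a friend" link from the post, sketched as an added example that is not part of the original post: it removes the session token from a store URL whether the token sits in the query string or in a `;name=value` path parameter. The parameter names (`sid`, `session`, `sessionid`) and the `shop.example` URLs are assumptions, since the post does not say how its store encodes the token. It only covers links the store generates itself; a URL copied from the address bar still carries the token, which is the gap the post describes.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumed parameter names; the post does not name the store's session parameter.
SESSION_PARAMS = {"sid", "session", "sessionid"}


def strip_session(url, names=SESSION_PARAMS):
    """Return url with session tokens removed from query and path parameters."""
    names = {n.lower() for n in names}
    parts = urlsplit(url)

    # Query string: keep every pair whose key is not a session parameter.
    kept = [(k, v)
            for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k.lower() not in names]

    # Path parameters: URL rewriting of the form "/item/42;sid=abc" puts the
    # token after a semicolon inside a path segment.
    segments = []
    for seg in parts.path.split("/"):
        head, *params = seg.split(";")
        params = [p for p in params
                  if p.split("=", 1)[0].lower() not in names]
        segments.append(";".join([head, *params]))

    return urlunsplit((parts.scheme, parts.netloc, "/".join(segments),
                       urlencode(kept), parts.fragment))


if __name__ == "__main__":
    # Constructed sample URLs, not taken from any real store.
    samples = [
        "https://shop.example/item/42?sid=AbC123&color=red",
        "https://shop.example/item/42;sid=AbC123?color=red#reviews",
        "https://shop.example/cart?SID=AbC123",
        "https://shop.example/item/42",
    ]
    for url in samples:
        print(url, "->", strip_session(url))
```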
