[ic] long-lived sessions/carts?

Grant emailgrant at gmail.com
Wed Feb 22 17:44:53 UTC 2012


>>>>> I'm currently expiring sessions after 2 days:
>>>>>
>>>>> find /cat/tmp -type f -mtime +2 | xargs --no-run-if-empty rm && find
>>>>> /cat/tmp -depth -type d -empty -mtime +2 | xargs --no-run-if-empty
>>>>> rmdir && find /cat/session -type f -mtime +2 | xargs --no-run-if-empty
>>>>> rm && find /cat/session -depth -type d -empty -mtime +2 | xargs
>>>>> --no-run-if-empty rmdir
>>>>>
>>>>> Has anyone tried waiting much longer than that?  Maybe 30, 60, or even
>>>>> 90 days?  When I'm shopping online, I've noticed it's nice to add
>>>>> something to my cart and come back much later to find the item still
>>>>> in there without having to create an account.
>>>>
>>>> You could always do a saved-cart routine, which sets a cookie for the
>>>> user and saves their cart in a table. Then, when they come back, you can
>>>> reload their cart if the cookie is present.
>>>
>>> That makes sense to me.  What about saving the SKUs and quantities of
>>> the items in the cart in the cookie itself?
>>
>> Better to just have the cookie be a key into a table with that data.
>> There are limits to how much you can store in a cookie.
> Why not have your session expiration script only remove sessions that do not contain a shopping cart?

From a security perspective, I think this would create too much
exposure for the sensitive information contained in sessions with a
shopping cart.

- Grant
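
The saved-cart routine suggested earlier in the thread (a cookie that is only a key into a table), sketched as an added example that is not part of the original messages and not Interchange code. The table name, function names and the 90-day lifetime are assumptions; only SKUs and quantities are kept, so the session files can still be expired after 2 days.

```python
import hashlib
import json
import secrets
import sqlite3
import time

CART_TTL = 90 * 24 * 3600  # assumed lifetime: the longest figure raised in the thread

def open_store(path=":memory:"):
    # Hypothetical table, kept separate from the session store.
    db = sqlite3.connect(path)
    db.execute(
        "CREATE TABLE IF NOT EXISTS saved_cart ("
        "token_hash TEXT PRIMARY KEY, items TEXT NOT NULL, expires INTEGER NOT NULL)"
    )
    return db

def hash_token(token):
    # Only a hash of the cookie value is stored, so a copy of the
    # table cannot be turned back into valid cookies.
    return hashlib.sha256(token.encode()).hexdigest()

def save_cart(db, items, now=None):
    """Store {sku: quantity} only and return the cookie value to set."""
    now = int(time.time()) if now is None else now
    clean = {str(sku): int(qty) for sku, qty in items.items() if int(qty) > 0}
    token = secrets.token_urlsafe(32)  # unguessable key, carries no cart data
    db.execute(
        "INSERT INTO saved_cart VALUES (?, ?, ?)",
        (hash_token(token), json.dumps(clean), now + CART_TTL),
    )
    db.commit()
    return token

def load_cart(db, token, now=None):
    """Return the saved {sku: quantity} dict, or None if unknown or expired."""
    now = int(time.time()) if now is None else now
    row = db.execute(
        "SELECT items, expires FROM saved_cart WHERE token_hash = ?",
        (hash_token(token),),
    ).fetchone()
    if row is None or row[1] <= now:
        return None
    return json.loads(row[0])

def purge_expired(db, now=None):
    """Delete expired carts and return how many rows were removed."""
    now = int(time.time()) if now is None else now
    cur = db.execute("DELETE FROM saved_cart WHERE expires <= ?", (now,))
    db.commit()
    return cur.rowcount
```

The cookie carrying the token would normally be set with the Secure and HttpOnly attributes, and prices are looked up again from the catalogue when the cart is reloaded rather than trusted from the saved row.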


