[ic] Retain shopping cart after browser restart
Jon Jensen
jon at endpoint.com
Thu Dec 3 14:15:41 UTC 2015
On Thu, 3 Dec 2015, Grant wrote:
> If I decide to set the expiration time of session cookies, I can't think
> of anywhere a user's entered data is displayed in a session besides on
> the checkout form. If I prevent that, is their data still potentially
> readable somehow?
The session data is no more or less readable with a permanent cookie than
it is with what you have now, except that it survives closing the browser.
So as Josh mentioned, if someone logs in at a public computer at a
library, school, Internet cafe, etc., it'll be logged into their account
until the session expires. You have to figure out what the security
implications of that are for your site -- there's no one right answer
about what you should do there.
Jon
--
Jon Jensen
End Point Corporation
https://www.endpoint.com/