[ic] Retain shopping cart after browser restart
Grant
emailgrant at gmail.com
Wed Dec 9 23:51:34 UTC 2015
>> If I decide to set the expiration time of session cookies, I can't think
>> of anywhere a user's entered data is displayed in a session besides on the
>> checkout form. If I prevent that, is their data still potentially readable
>> somehow?
>
>
> The session data is no more or less readable with a permanent cookie than it
> is with what you have now, except that it survives closing the browser. So
> as Josh mentioned, if someone logs in at a public computer at a library,
> school, Internet cafe, etc., it'll be logged into their account until the
> session expires. You have to figure out what the security implications of
> that are for your site -- there's no one right answer about what you should
> do there.
On my site, the session data is only readable on the checkout page and
I would like to keep it readable there because I think it's convenient
for the customer. Given that, I don't think it's a good idea to keep
sessions alive after a browser restart on my site. I'll tinker with
cart-cookie. Thank you Josh and Jon.
- Grant