[ic] Retain shopping cart after browser restart

Grant emailgrant at gmail.com
Wed Dec 9 23:51:34 UTC 2015


>> If I decide to set the expiration time of session cookies, I can't think
>> of anywhere a user's entered data is displayed in a session besides on the
>> checkout form.  If I prevent that, is their data still potentially readable
>> somehow?
>
>
> The session data is no more or less readable with a permanent cookie than it
> is with what you have now, except that it survives closing the browser. So
> as Josh mentioned, if someone logs in at a public computer at a library,
> school, Internet cafe, etc., it'll be logged into their account until the
> session expires. You have to figure out what the security implications of
> that are for your site -- there's no one right answer about what you should
> do there.


On my site, the session data is only readable on the checkout page and
I would like to keep it readable there because I think it's convenient
for the customer.  Given that, I don't think it's a good idea to keep
sessions alive after a browser restart on my site.  I'll tinker with
cart-cookie.  Thank you Josh and Jon.

- Grant



More information about the interchange-users mailing list