[ic] Retain shopping cart after browser restart

Jon Jensen jon at endpoint.com
Thu Dec 3 14:15:41 UTC 2015

On Thu, 3 Dec 2015, Grant wrote:

> If I decide to set the expiration time of session cookies, I can't think 
> of anywhere a user's entered data is displayed in a session besides on 
> the checkout form.  If I prevent that, is their data still potentially 
> readable somehow?

The session data is no more or less readable with a permanent cookie than 
it is with what you have now, except that it survives closing the browser. 
So as Josh mentioned, if someone logs in at a public computer at a 
library, school, Internet cafe, etc., it'll be logged into their account 
until the session expires. You have to figure out what the security 
implications of that are for your site -- there's no one right answer 
about what you should do there.


Jon Jensen
End Point Corporation

More information about the interchange-users mailing list