Session Data vs. cookies vs. Query Strings

#1 Tue, 02/12/2008 - 15:15

Posts: 151
Joined: 08/07/2007

Lyle is correct. If you are going to store any sort of persistent data for a user, a session is the most secure way of doing it. The basis of the problem is that http was designed to be stateless. query strings, then cookies, and finally sessions were all created to overcome this "shortcoming" in http.

In order to do e-commerce over http you just about have to have some sort of system to keep the state of the customers. In the past, people have been reluctant to depend on sessions or cookies because they were insecure and or many customers didn't support cookies. At this point sessions are (when correctly implemented) secure, and only a very, very small percentage of web users don't support cookies.

As a result, Ubercart requires sessions. It would be very difficult to make Ubercart work without sessions or cookies, and it would only be used in very rare circumstances, so I don't think it is worth it.

Hopefully you can convince your people that they should use sessions.
Peace,
Andy

Calling all Ubercart gurus... By: noobercart (19 replies) Mon, 02/11/2008 - 23:13

Re: Calling all Ubercart gurus... By: torgosPizza (02/12/2008 - 01:36)
- Hi torgos, Thanks for the By: noobercart (02/12/2008 - 07:56)
  - Re: Hi torgos, Thanks for the By: Insurrectus (02/12/2008 - 14:17)
  - noobercart wrote:They By: Ryan (02/12/2008 - 11:37)
  - Re: Hi torgos, By: Lyle (02/12/2008 - 10:38)
    - Session Data vs. cookies vs. Query Strings By: Andy (02/12/2008 - 15:15)
      - Upselling also unlikely By: Jmmb (02/12/2008 - 15:53)
        Re: Upselling also unlikely By: torgosPizza (02/12/2008 - 16:10)
        Re: Re: Upselling also unlikely By: Jmmb (02/13/2008 - 15:09)
        Hi torgos, I tried to figure By: noobercart (02/17/2008 - 23:31)
        Re: Hi torgos, I tried to figure By: Lyle (02/18/2008 - 10:40)
        Thanks Lyle, Is there a way By: noobercart (02/18/2008 - 21:50)
        populate the term data By: bowwowadmin (02/18/2008 - 22:18)
        Re: populate the term data By: noobercart (02/27/2008 - 13:56)
        Re: Re: Upselling also unlikely By: noobercart (02/12/2008 - 22:18)
        Re: Re: Re: Upselling also unlikely By: noobercart (02/12/2008 - 22:55)
        Re: Re: Re: Re: Upselling also unlikely By: torgosPizza (02/12/2008 - 23:42)
        Hi torgos, Easy is relative. By: noobercart (02/13/2008 - 07:43)
        Re: Hi torgos, Easy is relative. By: torgosPizza (02/13/2008 - 12:40)

	Drupalcon DC
	Vote now to learn more about Ubercart in these sessions: Ubercart on Drupal 6

	Ubercart Affiliates
	Find payment and hosting services in our Affiliate Directory that support Ubercart development.

	User login
	Username: * Password: * Create new account Request new password

	Fast Invoicing
	We use and recommend FreshBooks for project time tracking and client invoicing.

Ubercart

Session Data vs. cookies vs. Query Strings

Navigation

Drupalcon DC

Ubercart Affiliates

User login

Fast Invoicing