Shopping cart persistence: $_SESSION or browser cookie?

Question

On an e-commerce site with no username/login to persist cart data, would it be better to use the PHP $_SESSION variable or a browser cookie to persist items in the shopping cart

Answer 1

Some points to help:

Cookies:

• info is persisted untill the cookie expires (what can be configured by you);
• tend to slow down the communication between server and client, since it has to be exchanged between the two in every request/response;
• its an insecure form of storing data and easy to sniff;
• they also have a limit to store data.

Session:

• all information is persisted in the server, thus not been exchanged with the client.
• because it is not shared across the network, its a bit more secure;
• all info is lost when the session ends;
• If you are hosting in a shared host, you may have problems with session ending in the middle of a operation due to a push on the resources by any of the sites hosted on the same server.

I would personally go with sessions, since I'm assuming to be a small/meddium auddience page. If it grows, you would be better with a simple DB structure to store this data, with a maintenance plan to get ridge of unnecessary data (eg: clients that choose some products but don't do the checkout).