Session Management Strategies for an E-Commerce Platform

How can a PHP e-commerce site maintain shopping cart items seamlessly when users log in or shop as guests, without relying solely on session IDs?

You could store carts in a db using unique tokens for guest users so items persist when they log in. This merge process is more reliable than relying solely on session ids and works even if sessions expire.

Hey, I was wondering if anyone has experimented with leveraging encrypted cookies to manage cart state? I mean, instead of just relying on sessions, you could store a small, secure snippet of cart data right on the client side. Then, when the user logs back in or even moves between devices, you could use that encrypted info to rebuild their shopping cart state without too much overhead. It might need some careful handling to prevent tampering (like using HMAC or similar methods), but it could be a neat way to keep things in sync even when the session expires on the server. Has anyone tried something like this in production? What challenges did you face in terms of security or data merging when the user logs in? I’d love to hear your thoughts on balancing client convenience with robust server-side validation.
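The encrypted-cookie idea from the post above, as an added example that is not code from any poster in this thread: the cart is sealed with libsodium's authenticated encryption (which covers the tamper check the post mentions via HMAC), and at login the decrypted contents are re-validated against server-side data before merging. The function names, constants, SKUs and catalogue array are hypothetical, and PHP's sodium extension is assumed to be available.

```php
<?php
declare(strict_types=1);
const CART_TTL  = 604800; // assumed 7-day cookie lifetime
const MAX_QTY   = 20;     // assumed per-line quantity cap
const NONCE_LEN = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES;

// Encrypt and authenticate [sku => qty] in one step (XSalsa20-Poly1305).
function sealCart(array $items, string $key, int $now): string
{
    $plain = json_encode(['exp' => $now + CART_TTL, 'items' => $items], JSON_THROW_ON_ERROR);
    $nonce = random_bytes(NONCE_LEN);
    return sodium_bin2base64($nonce . sodium_crypto_secretbox($plain, $nonce, $key),
        SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING);
}

// Returns the item map, or null if the cookie is malformed, tampered or expired.
function openCart(string $cookie, string $key, int $now): ?array
{
    try {
        $raw = sodium_base642bin($cookie, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING);
    } catch (SodiumException $e) {
        return null;
    }
    if (strlen($raw) < NONCE_LEN + SODIUM_CRYPTO_SECRETBOX_MACBYTES) {
        return null;
    }
    $plain = sodium_crypto_secretbox_open(substr($raw, NONCE_LEN), substr($raw, 0, NONCE_LEN), $key);
    $data  = $plain === false ? null : json_decode($plain, true);
    $valid = is_array($data) && is_array($data['items'] ?? null) && ($data['exp'] ?? 0) >= $now;
    return $valid ? $data['items'] : null;
}

// Merge at login: unknown SKUs dropped, quantities clamped, prices never read from the cookie.
function mergeCart(array $serverCart, array $cookieItems, array $catalogue): array
{
    foreach ($cookieItems as $sku => $qty) {
        if (is_int($qty) && $qty > 0 && isset($catalogue[$sku])) {
            $serverCart[$sku] = min(MAX_QTY, ($serverCart[$sku] ?? 0) + $qty);
        }
    }
    return $serverCart;
}

// Constructed sample data; a real key comes from a secret store, not generated per request.
$key       = sodium_crypto_secretbox_keygen();
$catalogue = ['SKU-1001' => 1999, 'SKU-2002' => 4950]; // sku => price in cents
$cookie    = sealCart(['SKU-1001' => 2, 'SKU-9999' => 1], $key, time());
$tampered  = ($cookie[0] === 'A' ? 'B' : 'A') . substr($cookie, 1); // one altered character
var_dump(openCart($tampered, $key, time()));
var_dump(mergeCart(['SKU-1001' => 1], openCart($cookie, $key, time()) ?? [], $catalogue));
```

When sending the value with `setcookie()`, set the `Secure`, `HttpOnly` and `SameSite` attributes, and keep the payload small, since browsers cap a single cookie at roughly 4 KB.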