On 17 July 2010 18:11, Jeremy Shipman <[email protected]> wrote:
> Hi guys, I was in discussion with Nicolaas about this topic before it
> was posted here. We've been thinking about the way the SilverStripe
> eCommerce cart could work in future. The system was originally built
> to store the cart data in the session, then save it to the database.
> Ultimately we want to reduce the core code to only what is necessary.
>

Putting cart information in the session will make your cart adapt to more situations. For example: someone just wants to sell one product online and does not need a database to store orders; they just want, after a client finishes a checkout, all cart information to be sent back to the store owner and the client by email. By the way, "store cart information" just means storing some IDs or names. It does not mean storing the whole information in 2 different places.

> Can anyone comment any specific security risks storing form data in
> the session, as opposed to in the database if you are doing multi-step
> forms for example?

Saving cart information in the database is not "safer" than saving it in the session. I think you have confused "security" with "obscurity"?

>
> @Neven: Could 'not needing to clean up the database' be such a
> benefit? But to clean up may be as little as a few lines of code run
> every so often. I also agree with Nick, that stored info could be
> useful to analyse.

Do you mean that storing your cart in the session leads to "not needing to clean up the database"?

>
> Regarding speed - I'm guessing there could be little noticeable
> difference using session or database, particularly with the average
> order/cart size being so small. On the other hand if there is a lot of
> activity on the site, session could be faster...as I think Simon is
> suggesting. Can anyone comment on this?

They should not have any speed difference; storing in the session / storing in the DB is an IO-bound activity, not a CPU-bound activity, unless you store all cart information in memory.

--
NZ PHP Users Group: http://groups.google.com/group/nzphpug
To post, send email to [email protected]
To unsubscribe, send email to [email protected]
