Shopping cart best practices

[allspiritseve]

I'm building a shopping cart. I would like to keep items in the cart in the database. That means I need to tie the db information to the session. I can either store the session id in the database, or store a cart id in the session. Is one better than the other?

Most carts tend to keep information for a long time. Should I extend the session expiration length to a day? a week? a month? infinite? Or should I be setting a cookie with an extended expiration date, and using the standard for sessions?

Are there any other best practices I should know about?

[Dan Grossman]

Session IDs are not guaranteed to be globally unique over all time, while your cart IDs are, so storing the cart ID in the session is better than storing the session ID in the cart.

I'd advise against extending the session expiration time... you have to keep all those sessions around on your server, whereas if you use cookies, the cookie gets stored by the client, not you.

[allspiritseve]

Session IDs are not guaranteed to be globally unique over all time, while your cart IDs are, so storing the cart ID in the session is better than storing the session ID in the cart.

I'd advise against extending the session expiration time... you have to keep all those sessions around on your server, whereas if you use cookies, the cookie gets stored by the client, not you.

Good points. Cookies it is.