Should session cookies survive a browser restart?

Forum Moderators: phranque

Message Too Old, No Replies

Should session cookies survive a browser restart?

Tonearm

1:29 pm on Dec 3, 2015 (gmt 0)

I'm faced with the decision of whether or not session cookies should persist after a browser restart in my online store. The benefit is that a user's shopping cart contents would persist. The drawback would be that, since I allow guest checkout, their name/contact/address info would also persist if it were entered while checking out. That could cause a privacy issue on a public computer, but should a user be expected to clear their cookies if they don't want their data sticking around?

piatkow

2:01 pm on Dec 3, 2015 (gmt 0)

That could cause a privacy issue on a public computer, but should a user be expected to clear their cookies if they don't want their data sticking around?

Do you seriously imaginie that any non geek thinks that a cookie is anything other than an American name for a biscuit?

engine

4:13 pm on Dec 3, 2015 (gmt 0)

I agree, you cannot expect the average user to even think of deleting cookies. I know several that have no clue about cookies, and they aren't interested in knowing.

As it's a security issue, users ought to be informed that their session ending (browser closing) will lose their details, and explain why. It could even have the option of public computer or private computer to save the cookies. If it's a private computer, and they accept your options, the cookies could persist. Make it an explanation in simple terms so they don't have to work out what a cookie is, and what to do about it.