As I feared. A cookie hidden in the HTTP headers is not the way to
implement this! Just think about it from the customer's point of
view: With a real shopping basket, I can see at all times what I've
collected so far. I can compare what's there with my budget, and
with other competitive products that I come across. As a result of
my comparisons, I can take products out at any time and put them
back on the shelf. Your solution compares poorly with a cardboard
box :-)
Instead, like any client-side state, the shopping basket makes most
sense as a document -- something the user can see and act upon.
And like any association, the relationships tying various "vendor
stalls" with the associated shopping basket should be established
using links.
So rather "solving" the problem by adding complicated statefulness
to HTTP (a future nightmare, in my opinion), a better investment
would be to think about how to rectify the Web's primitive model for
linking and navigation of documents -- one of its key strategic
weaknesses.
P.S. I'm still in favor of a Session-ID proposed by Brian
Behlendorf/Dave Kristol, which has the more modest purpose of
allowing reliable (but not secure) identification of anonymous
users.
--------------------------------------------------------------------
Paul Burchard <burchard@math.utah.edu>
``I'm still learning how to count backwards from infinity...''
--------------------------------------------------------------------