Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Cookies are used for all kinds of session state management besides auth. Your shopping cart, for example, depends on them. Without cookies, the server would have to send the entire state of the session in each response, and the client would have to send that entire state back on every request. Cookies allow the client and server to exchange only a small token that the server can use as a key to state storage.

Even if you could shrink that state down to something reasonably small, it still introduces the problem of the client and server getting the state out of sync.



I mean that's not really true - TCP allows a persistent connection so you could totally just keep the shopping cart for the duration of the time that the user is on the website and /not/ use a cookie.


> TCP allows a persistent connection

Let me gently refer you to the classic paper from 1994, "A Note on Distributed Computing".


Apologies - I've read through the paper and I can't see your point. You'll have to elaborate I'm afraid.


Then perhaps a shorter summary in the form of the 8 fallacies of distributed computing would be clearer. https://arnon.me/wp-content/uploads/Files/fallacies.pdf


Even if you were using a desktop computer, it seems unreasonable for both the website and most users to lose the cart information every time you put your computer to sleep.

But it becomes much worse with mobile devices, such as a phone. I don't want to lose the state of my browser tabs every time I get into an elevator.


I'm not certain whether it's unreasonable or it's become an expected norm; you don't expect to be able to leaving a shopping cart full if you're leaving a physical shop, for example.

I guess it very much depends on your usage - I wonder the proportion of users who add to a shopping cart and go back to it without creating an account.

Of course, we're also ignoring session local storage, in memory storage etc... for alternate solutions.


Ah, yes, I was commenting on the TCP connection, which doesn't strike me as a solution.

Local storage is another story and probably a good alternative to storing something server-side, at the cost of more back-and-forths to validate data isn't outdated.

> I'm not certain whether it's unreasonable or it's become an expected norm; you don't expect to be able to leaving a shopping cart full if you're leaving a physical shop, for example.

It has become the norm, which is why it's (IMO) unreasonable to change that. Realistically, for a solution to be doable it needs to allow for saving the cart state, as otherwise websites will simply resist the change.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: