Hi,

Aren't you going to need a cookie anyway, to track the users id, even if you have the data in a database?

The only alternative would be to have a session-id in the url, and have the user re-authenticate at each repeat visit. This is not a big problem, except that those urls can't be bookmarked.

I believe you have to add a P3P HTTP header to keep MSIE6 happy with the cookie, but otherwise it shouldn't be a problem.

René.

Consumers who shop the internet are pretty well resigned to cookies, from what I can tell. Even my one associate who is a fanatic about not accepting cookies as a rule, mentioned to me last week that he has given in when it comes to online shopping.

I actually store my shopping cart id in the URL and it is parsed by a cgi script that generates the html. The shopping cart id does bookmark.

It looks like, consumers treat cookies as a fact of life now. This is way different from 1998, when I first started, where cookies were considered by big privacy deal.

Cookies are passe now as near as I can tell. I live in a mostly rural area and I rarely hear anyone mention cookies anymore while just 5 years ago, I heard a lot of grumbling and fear. I think you'd be safe using them.

I converted one online store to use cookies about a year ago. It was previously using the cart number embedded in the URL. There have been no negative effects.

BTW: IE6.0 will accept first party cookies without a P3P policy when it is set at it's default setting (medium), and the next higher setting (medium high). Having a P3P policy will only give you ONE additional setting (high).

In the entire year that I have gone to cookies, there have only been 3 entries for IE6 in my failed cookie log!