Deleting non-secure cookie from secure domain

         

optik

10:55 am on Jun 23, 2010 (gmt 0)

10+ Year Member



I have a cookie for a shopping basket that needs to be deleted after a successful purchase. The trouble is I have to keep the user on the secure site so they can download a file after the purchase, so how can I delete the basket cookie from the secure site?

Cross subdomain cookies don't work in Safari, otherwise this would have fixed it.

enigma1

1:41 pm on Jun 23, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



How do you bind the cookie contents with the basket? For instance if you use the database/sessions, you remove the reference from it, in which case it doesn't matter if the customer's browser re-sends the cookie as the server will check with the database and can ignore certain references from it because you remove these references right at the end of the purchase.

For instance, using a cookie session:

    $_SESSION['visit'] = array(
        'cart' => $cart_contents,
        'download_items' => array('test1.zip', 'test2.zip')
    );
    // if successful purchase
    unset($_SESSION['visit']['cart']);
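
The server-side approach described in the reply above, as an added example that is not part of the original thread: the cookie carries only an opaque token, and the cart is removed from server-side storage on purchase, so a re-sent cookie no longer maps to a cart. The in-memory array and the `BasketStore` class with its method names are assumptions standing in for a database or session handler.

```php
<?php
// Added illustration: an array stands in for the database or session storage;
// BasketStore and its methods are hypothetical names.
final class BasketStore
{
    private array $visits = []; // token => ['cart' => ..., 'download_items' => ...]

    // Only the returned opaque token is placed in the cookie.
    public function open(array $cart): string
    {
        $token = bin2hex(random_bytes(16));
        $this->visits[$token] = ['cart' => $cart, 'download_items' => []];
        return $token;
    }

    // The cookie value is untrusted: check its shape before the lookup.
    // Returns the stored field, or an empty array if the reference is gone.
    public function read(string $cookie, string $field): array
    {
        if (!preg_match('/\A[0-9a-f]{32}\z/', $cookie)) {
            return [];
        }
        return $this->visits[$cookie][$field] ?? [];
    }

    // On successful purchase: remove the cart reference, keep the downloads.
    public function completePurchase(string $cookie, array $files): bool
    {
        if (!isset($this->visits[$cookie])) {
            return false;
        }
        unset($this->visits[$cookie]['cart']);
        $this->visits[$cookie]['download_items'] = $files;
        return true;
    }
}

// Constructed sample run.
$store  = new BasketStore();
$cookie = $store->open(['sku-1001' => 2]);
$store->completePurchase($cookie, ['test1.zip', 'test2.zip']);

// The browser still sends the old cookie; the server has no cart for it.
var_dump($store->read($cookie, 'cart'));
var_dump($store->read($cookie, 'download_items'));
var_dump($store->read('not-a-token', 'cart'));
```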

optik

10:29 am on Jun 24, 2010 (gmt 0)

10+ Year Member



Sessions are also stored as cookies.

I suppose database tracking is an option but seems a bit overkill and will put extra strain on the server.

I do have a backup solution which I've used before, and this involves passing a session ID between domains. I was hoping for something even more straightforward, though, that could be done just using cookies.

rocknbil

4:38 pm on Jun 24, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I'd just set specific cookie expiration times, not session cookies, make them short, and let them expire. You can even modify the PHPSESSID cookie to facilitate this if you use PHP sessions - unless you're configured to use session IDs as query strings when cookies can't be set, this will be the most straightforward fix.

Otherwise one way is to pass the cookie value as a post/get variable to and from https, and use that value to update/delete the cookies accordingly on either side. A little complicated, but I've done it. Don't like it though. :-)

enigma1

5:10 pm on Jun 24, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



It's much harder to track and monitor cookies without a point of reference. And that reference has to be stored somewhere. You can use files if you think the database is overkill, but from my experience that becomes even more difficult to manage.

Auto sessions I tend to avoid unless it's for a dedicated tiny script. Best to use session handlers as you have complete control over expirations and session management, plus the PHP default session handling isn't great.