A shopping cart application is more difficult to implement than it
may seem. Because the HTTP protocol is stateless,
a Web server regards every connection as entirely new, with no
relationship to any previous or future connections.
Most modern Web Commerce sites use the concept of a Web
session -- a series of Web requests and responses
linked together by a state variable called a session
identifier. A first visit to the site's "home page" creates
a new session, and the HTTP response is associated with a new
session identifier, or SID. All subsequent transactions are somehow
labelled with the same SID.
The session identifier is commonly a (very) large random number
and/or text string possibly combined with a (hashed) combination of
some other client information -- maybe the IP address of the
client.
Session management can be rather messy on the server, since
information must be maintained about all "current" sessions, and
decisions must be made as to the deletion of "expired"
sessions.
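
The SID scheme and the server-side bookkeeping described above, as an added sketch that is not part of the original page. The class name `SessionStore`, the `nonce.tag` SID layout, the HMAC-SHA256 binding to the client IP and the 30-minute idle timeout are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

class SessionStore:
    """In-memory table of current sessions, keyed by SID (illustrative only)."""
    def __init__(self, key=None, ttl=1800, clock=time.time):
        self._key = key or secrets.token_bytes(32)  # server-side secret
        self._ttl = ttl                             # idle timeout in seconds (assumed)
        self._clock = clock                         # injectable so expiry can be tested
        self._sessions = {}                         # SID -> {"expires": ..., "cart": [...]}

    def _tag(self, nonce, client_ip):
        # Keyed hash tying the random part of the SID to the client's address.
        msg = f"{nonce}|{client_ip}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def create(self, client_ip):
        nonce = secrets.token_urlsafe(32)           # 256 bits from the OS CSPRNG
        sid = f"{nonce}.{self._tag(nonce, client_ip)}"
        self._sessions[sid] = {"expires": self._clock() + self._ttl, "cart": []}
        return sid

    def lookup(self, sid, client_ip):
        """Return the session, or None if it is unknown, expired or from another IP."""
        nonce, _, tag = sid.partition(".")
        expected = self._tag(nonce, client_ip)
        if not hmac.compare_digest(tag.encode(), expected.encode()):
            return None                             # forged SID or different address
        session = self._sessions.get(sid)
        now = self._clock()
        if session is None or session["expires"] <= now:
            self._sessions.pop(sid, None)           # lazy deletion on access
            return None
        session["expires"] = now + self._ttl        # sliding idle timeout
        return session

    def purge_expired(self):
        """Periodic sweep for abandoned sessions; returns how many were deleted."""
        now = self._clock()
        dead = [s for s, v in self._sessions.items() if v["expires"] <= now]
        for sid in dead:
            del self._sessions[sid]
        return len(dead)
```

Binding the SID to the IP address also rejects legitimate clients whose address changes mid-session (mobile networks, proxy pools), so whether to include it is a policy choice.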
There are three Web technologies available to support session
management: Hidden Fields, Cookies and URL-embedded Information. Modern
practice is to use a "belt-and-braces" approach, incorporating all
three.