This is what I'm trying to accomplish, I'm just wondering what is the best method for this.
I have a standard e-commerce site. When a client browses a site, the contents of his cart are stored in a var session. The cart is NOT stored in the database unless the customer checks.
Now, sometimes a customer calls the call center before he actually places an order. He then asks questions about his cart — I want agents on the other hand to be able to retrieve the contents of the cart.
I thought about encrypting the session identifier on the client side, and then represented the “cart ID” on the cart page so that the client could transfer the agent over the phone. Then I will decrypt the session identifier, and the agent will be able to access the contents of the basket directly on the cart.php page.
My questions:
- It is safe? No, where along the way do I store client personal information in a session. Only the contents of the basket.
- What will be my best encryption method here?
- Is there an easier way to achieve this?
source
share