Creating the shopping cart
Now that the user can see and navigate the products for sale, the next step is to add a cart that allows them to make selections before checking out. For the SportsStore application, cart data will be handled using sessions, so that product selections are discarded when the session expires.
Adding configuration support for secrets
The SportsStore application will use cookies to associate requests with a session, and those cookies will be signed to prevent them from being altered. The signing and validation process requires a secret key, known only to the application.
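The signing and validation step described above, as an added example that is not code from the SportsStore project: it uses HMAC-SHA256 from Node's built-in crypto module. The function names, the `value.signature` cookie layout and the sample key and session ID are assumptions made for illustration.

```javascript
const { createHmac, timingSafeEqual } = require("node:crypto");

// Compute a URL-safe HMAC-SHA256 tag over the cookie value.
// base64url output never contains ".", so "." can act as the separator.
function tag(value, secret) {
  return createHmac("sha256", secret).update(value).digest("base64url");
}

// Produce "<value>.<signature>", the string that would be sent as the cookie.
function signCookie(value, secret) {
  return `${value}.${tag(value, secret)}`;
}

// Return the original value if the signature is valid, otherwise null.
function verifyCookie(cookie, secret) {
  const dot = cookie.lastIndexOf(".");
  if (dot < 1) return null; // missing signature or empty value
  const value = cookie.slice(0, dot);
  const given = Buffer.from(cookie.slice(dot + 1));
  const expected = Buffer.from(tag(value, secret));
  // timingSafeEqual throws on unequal lengths, so reject those first.
  if (given.length !== expected.length) return null;
  // Constant-time comparison avoids leaking how many bytes matched.
  return timingSafeEqual(given, expected) ? value : null;
}

// Constructed sample values; a real key is never written into source code.
const SAMPLE_SECRET = "constructed-demo-key-not-for-production";
const SAMPLE_SESSION_ID = "b7f3c2a9-session";

function demo() {
  const signed = signCookie(SAMPLE_SESSION_ID, SAMPLE_SECRET);
  const tampered = signed.replace("b7f3", "0000"); // client edits the value
  return {
    valid: verifyCookie(signed, SAMPLE_SECRET),
    tampered: verifyCookie(tampered, SAMPLE_SECRET),
    wrongKey: verifyCookie(signed, "a-different-key"),
    unsigned: verifyCookie(SAMPLE_SESSION_ID, SAMPLE_SECRET),
  };
}

console.log(demo());
```

The `wrongKey` case shows that every cookie issued under the old key stops validating as soon as the key changes.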
Secret keys and, more broadly, any secret information, can be difficult to manage. The basic rule is that secrets should not be hard-coded into the application because that makes them impossible to change without releasing a new version of the application into production.
But, aside from not hard-coding, the details of how secrets are managed depend on the application, the development...