The question is simple. In session or in cookies? Or maybe somewhere else? How many of you write cart modules? Where do you keep it?
Usually this way: for unauthorized users, the data is stored in the session, for those authorized already in the database.
In most implementations, the basket is stored in sessions. In my opinion it is right. First, you can choose how to store sessions in the database as well as in cookies. Session as well as the basket is tied to the current session of this user.