yep though remember when using cookies that users can hack them and change what they say in them. so you must design about this.
for example you save all the item id numbers in the cookie
when you call them back to your website
first run the value though mysql_real_escape_string()(could change it too sql injection)
run a loop to make sure the item number exsist in your dater base est
other than thaht you are find though for any logins are data senstive stuff user sessions hope this helps