session_id() is a random number that is always unique, so you wouldn't have to generate one.
A cookie wouldn't work for your use case since it wouldn't be available from another device, it would just persist on the original device.
I wouldn't bother saving the cart contents with a session_id() since they wouldn't be able to retrieve the cart unless they log in anyway. Just tell them to log in to save their cart contents, and save it based on their userid in the database only when they are logged in. You don't need the random id... it doesn't really give you anything.
Then when someone logs in you can automatically retrieve the cart from the database into a recordset and use "Get Cart Contents from Recordset" to populate the cart. It won't remove the existing items from the cart, you would have to add the Clear Cart server behavior manually if you wanted to do that.