For starters, it offers a some protection against someone maliciously modifying the url and passing &cart_id=ID_TO_CART_I_DONT_OWN
. See https://www.owasp.org/index.php/Top_10_2010-A4.
You're also saving yourself a database lookup by getting the cart from the session [although rails is pretty good with db caching by default]. About it possibly failing, what happens if the record no longer exists by the time you hit the "Delete Cart" button ? Cart.find(params[:id])
will raise an exception that you're not handling, the second method will handle the exception and fail quietly; this is not necessarily always a good thing.