function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
lescclarkcpdlescclarkcpd 

session ID - public access & authentication when using a cart

Hi

 

I have created a cart that is available to unauthenticated users via my site.  It uses session ID to identify cart items.  It works fine.  To 'checkout' users must authenticate, and login as an AWU, this works fine.  

 

However, once logged in SF issues a new session ID which means that I am unable to tie up the cart items from when they where previously un-authenticated.

 

Any suggestions as to how I can overcome this:

 

- I appreciate that I  could ask all public users to authenticate prior to checking out but this doesn't suit workflow but yes they need to authenticate for other reasons.

- can I pass the 'unauthenticated' session ID through the login process

- start again !! ie another suggested way to build a cart that may overcome this problem

 

thanks

 

 

joshbirkjoshbirk

The second one would require a custom login page and controller - but I'm not sure it would work as the login functionality doesn't offer much control over information in a pre and post logged in state (for similar reasons - it's very different sessions).

 

Any chance the domain remains the same?  Or are you using a Sites instance with a custom domain that changes after login?

lescclarkcpdlescclarkcpd

thanks for the reply.

 

That's what I ended up doing -  I logged the session ID onto each newly created cart item, passed the session ID via the browser bar when logging on, and used the controller to look for items with the old session ID and change it to the new sessionID.  It works fine, with a couple of exceptions.  It seems (logically??) that every time you use a different controlller you start a new session and get a new session ID,not particularly usefulwhen you don'tknow what you're doing !!!!

 

btw the domain remains the same - but could be that the domain changes to https though.  Will have a look