Hey there Samuel!
Bo here from Shopify Support.
I did some digging into this for you as it was a super interesting question. I spoke with our technical team and found that the cookies used in connection with customer login, as outlined here are Secure_customer_sig and storefront_digest. For security reasons these cookies expire after a twenty-four-hour interval and this is not something that we can change from our side. However, your customers will be able to change the expiration date on the cookie for their own browsers as per this guide. What I would recommend here is to post a link to that guide somewhere on your store or even as part of your Customer Account Notification E-mail. You can read up on editing notification e-mails in this doc which can be found in our help center the home of all our help docs.
You mentioned that keeping your customers logged in was a requirement for your store. Could you expand on this a bit? Why is it that your customers need to remain logged in? Any additional context would be hugely appreciated as I may be able to find an alternative for you or at least send back your feedback to our developers as to why this is so important!
Let me know how this goes and if there is anything else I can help you with, I'm happy to help!
All the best,
Thank you Bo, really appreciate your quick and detail reply.
The reason why we want our customers remain logged in is, we want to modify cart page to show customers' previous bought items so that they can easily repurchase them. I checked liquid document, to do that, we need to get the custom object and then get the order history, while custom object is only valid when customer is logged in.
If the cookie is expired after 24 hours, then next day customer can't see previous bought item in cart page unless he/she login again.
We're hoping to keep customer logged in until he/she log out manually, or at least provide an option to customer to keep logged in on the login page, I see some websites have this option.
we want to modify cart page to show customers' previous bought items so that they can easily repurchase them.
1 Set your own cookie at the cart when customer goes to checkout
2 Recheck, or set, cookie a) if the customer navigates back to the store after shopifys secure checkout
b) customer visits store before 24hours log out happens.
If your cookie exists use the data , or prompt with Call to Actions.
What data is set in the cookie is stuff like the product|variant id, qty , price,discount,city. DO NOT set private info like name, street address save that for after a prompt to login.
Note after 24 hrs they will remain logged out even with your custom cookie so when they start checkout again unless your requiring accounts.
Remember to keep cookies small they have to share a ~4K limit per domain with all other cookies
Keep in mind this only works as long as cookie persists so things like private browsing or user clearing cookies makes this fragile, more robust needs user|agent fingerprinting(like using ip address).
Hey there Samuel and Paul!
I would agree with Paul here, Samuel. As there is no way for us to alter the cookie's expiry date from our side as this is something that the customer would need to do from their own browser it would be the best course of action!
All the Best,
The cookie that is supposed to be associated with login which is secure_customer_sig doesn't expire after 24 hours. It expires after 20 years or so. The cookie that does expire after 24 hours is called secure_session_id. When secure_session_id expires and the customer goes on to the site. The server checks for secure_session_id and sees that it's not there and it sets the value of secure_customer_sig to null(empty value). I figured this out by removing the secure_session_id cookie and reloaded the page and it set the value of secure_customer_sig to null.
If security reasons means that the browser is setting the expiration date to 24 hours, then why doesn't the browser not set the expiration date of the cookie secure_customer_sig to 24 hours? They are both flagged as httponly and secure.
I may be missing something but all I know is that our customers are getting frustrated with logging in every time they checkout or when they want to see their account. We are losing sales because of this and we don't explanation for our customers.
My company also face the same problem. It's good if Shopify can make the choice of cookie expiry date available to our customer / us.
Telling them to go 'technical' and change the cookie themselves in their browser setting is not so realistic.
We tried increasing the "secure_session_id" cookie expiration time but still, the user got logged out after ~2 days. Are we missing something here?
Can you help us here as we really need sticky login on our site? Thanks in Advance.
I notice that the customers have to log in every time they place an order, is there no way the customer would be auto-logged in and stay that way unless he or she logs out himself. Logging in, again and again, is making my conversion rate low.
Also is there any way I can add a ''Add to home screen'' button when customers log into my website? That way they can go in like an app to my store fast.