Have your say in Community Polls: What was/is your greatest motivation to start your own business?
Our Partner & Developer boards on the community are moving to a brand new home: the .dev community forums! While you can still access past discussions here, for all your future app and storefront building questions, head over to the new forums.

Re: Session persist in Proxy for guest users

Solved

Session persist in Proxy for guest users

chenster
Shopify Partner
134 5 30

I'm building a cart save/share app that fetch data from an app proxy server for display cart history on a page of the online store.

I do not want to user to have to sign in to save a cart. It would be a hassle, a bad user experience to ask them to sign in simply just to save a cart.

 

But here's the problem:

Since Shopify Proxy does not allow cookies, how can one establish a persistent session in order to track guest users? 

In a very old post, some suggested using private/public key to sign and retrieve user id with private key stored safely in liquid.  Before I go ahead to implement something similar, I'm wondering if anyone else have any better workaround?

 
Cartoo
Accepted Solution (1)
chenster
Shopify Partner
134 5 30

This is an accepted solution.

I think I figured this out. In scripttag, javascript document.cookie should do the trick. The draw back is one must pass it back to the server side with HTTP GET or POST. If you are not too concerned about data security e.g. session hijacking, leave it be. it would be better using a simple encrypt or decrypt technique to cypher values stored in cookies. There are javascript based PGP, but it's overkills for my purpse. 

If you find out better way to tackle persist session proxy, do drop a line.

Cartoo

View solution in original post

Replies 5 (5)

JamesAB
Excursionist
18 0 9

I have a similar issue. Did you find any solution to this?

chenster
Shopify Partner
134 5 30

I'm looking into browser fingerprint. You can also pass session id in URL if your app does not concern data security. 

Cartoo
chenster
Shopify Partner
134 5 30

This is an accepted solution.

I think I figured this out. In scripttag, javascript document.cookie should do the trick. The draw back is one must pass it back to the server side with HTTP GET or POST. If you are not too concerned about data security e.g. session hijacking, leave it be. it would be better using a simple encrypt or decrypt technique to cypher values stored in cookies. There are javascript based PGP, but it's overkills for my purpse. 

If you find out better way to tackle persist session proxy, do drop a line.

Cartoo

ChrisNguyen
Shopify Partner
15 0 1

Shopify strips all cookies in proxy requests. I hope they can keep at least one. For ex: session_id, token... so we can ease the pain. 

Shopicial - Community forum.
Xenforum - Customer Support forum.

ChrisNguyen
Shopify Partner
15 0 1

Shopify strips all cookies in proxy requests. I hope they can allow cookies with a prefix like this:

"proxy_{APP_ID}_"

 

For example: "proxy_123456_token"
So we can ease the pain. 

Shopicial - Community forum.
Xenforum - Customer Support forum.