A space to discuss online store customization, theme development, and Liquid templating.
I'm building a cart save/share app that fetch data from an app proxy server for display cart history on a page of the online store.
I do not want to user to have to sign in to save a cart. It would be a hassle, a bad user experience to ask them to sign in simply just to save a cart.
But here's the problem:
Since Shopify Proxy does not allow cookies, how can one establish a persistent session in order to track guest users?
In a very old post, some suggested using private/public key to sign and retrieve user id with private key stored safely in liquid. Before I go ahead to implement something similar, I'm wondering if anyone else have any better workaround?
Solved! Go to the solution
This is an accepted solution.
I think I figured this out. In scripttag, javascript document.cookie should do the trick. The draw back is one must pass it back to the server side with HTTP GET or POST. If you are not too concerned about data security e.g. session hijacking, leave it be. it would be better using a simple encrypt or decrypt technique to cypher values stored in cookies. There are javascript based PGP, but it's overkills for my purpse.
If you find out better way to tackle persist session proxy, do drop a line.
I have a similar issue. Did you find any solution to this?
I'm looking into browser fingerprint. You can also pass session id in URL if your app does not concern data security.
This is an accepted solution.
I think I figured this out. In scripttag, javascript document.cookie should do the trick. The draw back is one must pass it back to the server side with HTTP GET or POST. If you are not too concerned about data security e.g. session hijacking, leave it be. it would be better using a simple encrypt or decrypt technique to cypher values stored in cookies. There are javascript based PGP, but it's overkills for my purpse.
If you find out better way to tackle persist session proxy, do drop a line.
Shopify strips all cookies in proxy requests. I hope they can keep at least one. For ex: session_id, token... so we can ease the pain.
Shopify strips all cookies in proxy requests. I hope they can allow cookies with a prefix like this:
"proxy_{APP_ID}_"
For example: "proxy_123456_token"
So we can ease the pain.