Join us for an upcoming Shopify Partner webinar on February 27, 2024. Discover the latest Checkout Extensibility features, and deep dive on improvements to Shopify Functions and Web Pixels. Register now for either the 10am EST or 2pm EST sessions.
Solved

Session persist in Proxy for guest users

chenster
Shopify Partner
134 5 29

I'm building a cart save/share app that fetch data from an app proxy server for display cart history on a page of the online store.

I do not want to user to have to sign in to save a cart. It would be a hassle, a bad user experience to ask them to sign in simply just to save a cart.

 

But here's the problem:

Since Shopify Proxy does not allow cookies, how can one establish a persistent session in order to track guest users? 

In a very old post, some suggested using private/public key to sign and retrieve user id with private key stored safely in liquid.  Before I go ahead to implement something similar, I'm wondering if anyone else have any better workaround?

 
Cartoo
Accepted Solution (1)
chenster
Shopify Partner
134 5 29

This is an accepted solution.

I think I figured this out. In scripttag, javascript document.cookie should do the trick. The draw back is one must pass it back to the server side with HTTP GET or POST. If you are not too concerned about data security e.g. session hijacking, leave it be. it would be better using a simple encrypt or decrypt technique to cypher values stored in cookies. There are javascript based PGP, but it's overkills for my purpse. 

If you find out better way to tackle persist session proxy, do drop a line.

Cartoo

View solution in original post

Replies 5 (5)

JamesAB
Excursionist
18 0 9

I have a similar issue. Did you find any solution to this?

chenster
Shopify Partner
134 5 29

I'm looking into browser fingerprint. You can also pass session id in URL if your app does not concern data security. 

Cartoo
chenster
Shopify Partner
134 5 29

This is an accepted solution.

I think I figured this out. In scripttag, javascript document.cookie should do the trick. The draw back is one must pass it back to the server side with HTTP GET or POST. If you are not too concerned about data security e.g. session hijacking, leave it be. it would be better using a simple encrypt or decrypt technique to cypher values stored in cookies. There are javascript based PGP, but it's overkills for my purpse. 

If you find out better way to tackle persist session proxy, do drop a line.

Cartoo

ChrisNguyen
Shopify Partner
13 0 1

Shopify strips all cookies in proxy requests. I hope they can keep at least one. For ex: session_id, token... so we can ease the pain. 

Shopicial - Community forum.
Xenforum - Customer Support forum.

ChrisNguyen
Shopify Partner
13 0 1

Shopify strips all cookies in proxy requests. I hope they can allow cookies with a prefix like this:

"proxy_{APP_ID}_"

 

For example: "proxy_123456_token"
So we can ease the pain. 

Shopicial - Community forum.
Xenforum - Customer Support forum.