Current best way to get logged in customer id

David_W
Tourist
15 0 3

I'm looking for some advice on the best way to get the currently logged-in customer ID. Right now I rely on app proxy pages, but I'm not really happy with that solution. I've seen people use some JavaScript supplied by Shopify to check a variable:

 

__st.cid

But it doesn't seem like it's intended to be used by developers and could change without notice. What solutions are people finding the most success with? Are there any plans to have better support for this in the near future?

Replies 9 (9)

Sagar_Khadke
Shopify Partner
94 2 21

Hello,

 

You can use Liquid for this. You can get the current user's customer ID with {{ customer.id }}

Have something to say? Or need to say Hi! just mail me at sagar.khadke03@gmail.com or visit https://sagarkhadke.myshopify.com
jimmypoulsen
Visitor
1 0 0

Hi Sagar,

 

Can I also use this in an HTTP response from a proxy URL if the Content-Type is set to 'application/liquid'? My response relies on the customer that is currently logged in.

jayelkaake
Shopify Partner
8 0 2

2 words of caution for anyone using liquid to grab the customer ID:

 

1. Be wary of caching.

If the store is using some aggressive (especially CDN-level) caching, then it may cache pages with the wrong customer ID.

Properly configured caching shouldn't have this issue, but we all know that those in the rush to "make your site faster" don't always do things properly.

 

Using `__st.cid` is a better alternative for this reason than the liquid variable as it is not cacheable via CDN.

 

2. Frontend customer ID isn't secure.

Never trust the customer ID you get from liquid or JavaScript.

 

You can use the sha256 liquid filter with a secret code (like your app's secret key) to securely identify the customer instead.
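The server-side half of the signed-ID approach suggested above, as an added example that is not part of the original post or Shopify's own code. It uses HMAC-SHA256 (the Liquid `hmac_sha256` filter produces the matching hex tag) instead of a plain SHA-256 of ID plus secret, and `APP_SECRET`, `signCustomerId`, `verifyCustomerId` and the sample requests are hypothetical or constructed:

```javascript
// Added example (Node.js): verify a customer ID that arrives from the browser.
const nodeCrypto = require('node:crypto');

// Assumption: a secret known only to server-rendered Liquid and the app
// backend. It must never appear in JavaScript delivered to the browser.
const APP_SECRET = 'constructed-demo-secret';

// Mirrors what the Liquid side would render next to the ID, e.g.
//   {{ customer.id | hmac_sha256: secret }}   (lowercase hex)
function signCustomerId(customerId, secret) {
  return nodeCrypto
    .createHmac('sha256', secret)
    .update(String(customerId), 'utf8')
    .digest('hex');
}

// Returns the customer ID as a string if the tag is valid, otherwise null.
function verifyCustomerId(customerId, tagHex, secret) {
  if (customerId === null || customerId === undefined || customerId === '') {
    return null; // not logged in, or the field was stripped
  }
  if (typeof tagHex !== 'string' || !/^[0-9a-f]{64}$/i.test(tagHex)) {
    return null; // missing or malformed tag
  }
  const expected = Buffer.from(signCustomerId(customerId, secret), 'hex');
  const supplied = Buffer.from(tagHex, 'hex');
  // Both buffers are 32 bytes here; compare in constant time.
  return nodeCrypto.timingSafeEqual(expected, supplied)
    ? String(customerId)
    : null;
}

// Constructed sample requests: one genuine, one with an edited ID that
// reuses the genuine tag, and one with no tag at all.
function checkSampleRequests() {
  const genuineTag = signCustomerId(5551234567890, APP_SECRET);
  const requests = [
    { cid: 5551234567890, sig: genuineTag },
    { cid: 5551234567891, sig: genuineTag },
    { cid: 5551234567890 },
  ];
  return requests.map((r) => verifyCustomerId(r.cid, r.sig, APP_SECRET));
}

console.log(checkSampleRequests());
```

The tag is the same on every render for a given customer, so anyone who obtains the ID and tag pair can replay it; render the pair only on pages that require a login and are not cached, as the first caution above describes.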

jayelkaake
Shopify Partner
8 0 2

Just a clarification - the only place you should have customer details in the templates is for pages that require a login.

 

DO NOT include {{ customer.email }} in places like the theme.liquid or product pages or it will be cached by Shopify's CDNs and may leak to other customers.

kcin1993
Shopify Partner
63 0 5

Hi, David_W

I think the __st.cid is a good solution.

If you want to make sure the logged-in customer's data is correct, you can use the ScriptTag API to achieve that.

1. Add a script resource to the store via the ScriptTag API

2. In the script, use __st.cid to get the current customer's ID

3. Save the result from step 2 in the browser's localStorage so your app can access it

 

Does it work for you?

kcin1993
Shopify Partner
63 0 5

My above solution might have some issues.

The cid saved in localStorage will meet the issue of different.

If your app is embedded via ScriptTag, I think the best solution is using the postMessage way to transport the cid between the two domains.

Pritam_Roy
Shopify Partner
5 1 12

Hi, you can get the customer ID from the window object, but the specification is always changing and different customers may be using different versions.

I am using a function like this in my apps:

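  // Try each known location for the customer ID in turn; a missing global
  // throws inside its try block and the next location is checked.
  var getCustomerId = function() {
    // 1. ShopifyAnalytics page metadata
    try {
      let curr = window.ShopifyAnalytics.meta.page.customerId;
      if (curr !== undefined && curr !== null && curr !== "") {
        return curr;
      }
    } catch (e) { }
    // 2. window.meta page metadata
    try {
      let curr = window.meta.page.customerId;
      if (curr !== undefined && curr !== null && curr !== "") {
        return curr;
      }
    } catch (e) { }
    // 3. The __st tracking object (double underscore)
    try {
      let curr = __st.cid;
      if (curr !== undefined && curr !== null && curr !== "") {
        return curr;
      }
    } catch (e) { }
    // 4. Last fallback: uniqToken from the analytics user traits
    try {
      let curr = ShopifyAnalytics.lib.user().traits().uniqToken;
      if (curr !== undefined && curr !== null && curr !== "") {
        return curr;
      }
    } catch (e) { }
    // Nothing found
    return null;
  };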

Hope this helps !!

smart387
Visitor
2 0 0

My question is how to test this functionality in a dev store? So far we are not able to make our dev store accept shop customer login, or am I missing something?

Andthink
Visitor
2 0 1

You just have to enable it in settings/checkout; you can choose to make accounts optional or mandatory. The default is disabled.