FROM CACHE - en_header
Promotion image
Solved

Session persist in Proxy for guest users

chenster
Shopify Partner
134 5 29
‎05-24-2021 05:57 PM

I'm building a cart save/share app that fetch data from an app proxy server for display cart history on a page of the online store.

I do not want to user to have to sign in to save a cart. It would be a hassle, a bad user experience to ask them to sign in simply just to save a cart.

 

But here's the problem:

Since Shopify Proxy does not allow cookies, how can one establish a persistent session in order to track guest users? 

In a very old post, some suggested using private/public key to sign and retrieve user id with private key stored safely in liquid.  Before I go ahead to implement something similar, I'm wondering if anyone else have any better workaround?

 
Cartoo
1,529 Views
1 Like
Report
Accepted Solution (1)
In response to chenster

chenster
Shopify Partner
134 5 29
‎05-27-2021 09:30 PM

This is an accepted solution.

I think I figured this out. In scripttag, javascript document.cookie should do the trick. The draw back is one must pass it back to the server side with HTTP GET or POST. If you are not too concerned about data security e.g. session hijacking, leave it be. it would be better using a simple encrypt or decrypt technique to cypher values stored in cookies. There are javascript based PGP, but it's overkills for my purpse. 

If you find out better way to tackle persist session proxy, do drop a line.

Cartoo

View solution in original post

1,441 Views
1 Like
Report
Replies 5 (5)

JamesAB
Excursionist
18 0 9
‎05-27-2021 03:51 AM

I have a similar issue. Did you find any solution to this?

1,480 Views
0 Likes
Report
In response to JamesAB

chenster
Shopify Partner
134 5 29
‎05-27-2021 12:41 PM

I'm looking into browser fingerprint. You can also pass session id in URL if your app does not concern data security. 

Cartoo
1,457 Views
0 Likes
Report
In response to chenster

chenster
Shopify Partner
134 5 29
‎05-27-2021 09:30 PM

This is an accepted solution.

I think I figured this out. In scripttag, javascript document.cookie should do the trick. The draw back is one must pass it back to the server side with HTTP GET or POST. If you are not too concerned about data security e.g. session hijacking, leave it be. it would be better using a simple encrypt or decrypt technique to cypher values stored in cookies. There are javascript based PGP, but it's overkills for my purpse. 

If you find out better way to tackle persist session proxy, do drop a line.

Cartoo
1,442 Views
1 Like
Report

ChrisNguyen
Shopify Partner
13 0 1
‎03-13-2022 04:57 AM

Shopify strips all cookies in proxy requests. I hope they can keep at least one. For ex: session_id, token... so we can ease the pain. 

Shopicial - Community forum.
Xenforum - Customer Support forum.
1,237 Views
0 Likes
Report

ChrisNguyen
Shopify Partner
13 0 1
‎03-13-2022 09:38 AM

Shopify strips all cookies in proxy requests. I hope they can allow cookies with a prefix like this:

"proxy_{APP_ID}_"

 

For example: "proxy_123456_token"
So we can ease the pain. 

Shopicial - Community forum.
Xenforum - Customer Support forum.
1,177 Views
0 Likes
Report
Terms of Service Privacy Policy