Session persist in Proxy for guest users

Solved
chenster
Shopify Partner
132 5 21

I'm building a cart save/share app that fetch data from an app proxy server for display cart history on a page of the online store.

I do not want to user to have to sign in to save a cart. It would be a hassle, a bad user experience to ask them to sign in simply just to save a cart.

 

But here's the problem:

Since Shopify Proxy does not allow cookies, how can one establish a persistent session in order to track guest users? 

In a very old post, some suggested using private/public key to sign and retrieve user id with private key stored safely in liquid.  Before I go ahead to implement something similar, I'm wondering if anyone else have any better workaround?

 
Cartoo
Accepted Solution (1)

Accepted Solutions
chenster
Shopify Partner
132 5 21

This is an accepted solution.

I think I figured this out. In scripttag, javascript document.cookie should do the trick. The draw back is one must pass it back to the server side with HTTP GET or POST. If you are not too concerned about data security e.g. session hijacking, leave it be. it would be better using a simple encrypt or decrypt technique to cypher values stored in cookies. There are javascript based PGP, but it's overkills for my purpse. 

If you find out better way to tackle persist session proxy, do drop a line.

Cartoo

View solution in original post

Replies 5 (5)
JamesAB
Excursionist
18 0 9

I have a similar issue. Did you find any solution to this?

chenster
Shopify Partner
132 5 21

I'm looking into browser fingerprint. You can also pass session id in URL if your app does not concern data security. 

Cartoo
chenster
Shopify Partner
132 5 21

This is an accepted solution.

I think I figured this out. In scripttag, javascript document.cookie should do the trick. The draw back is one must pass it back to the server side with HTTP GET or POST. If you are not too concerned about data security e.g. session hijacking, leave it be. it would be better using a simple encrypt or decrypt technique to cypher values stored in cookies. There are javascript based PGP, but it's overkills for my purpse. 

If you find out better way to tackle persist session proxy, do drop a line.

Cartoo
ChrisNguyen
Shopify Partner
7 0 0

Shopify strips all cookies in proxy requests. I hope they can keep at least one. For ex: session_id, token... so we can ease the pain. 

ChrisNguyen
Shopify Partner
7 0 0

Shopify strips all cookies in proxy requests. I hope they can allow cookies with a prefix like this:

"proxy_{APP_ID}_"

 

For example: "proxy_123456_token"
So we can ease the pain.