The Foxy forums are on the move!

We're in the process of moving our forums over to a new system, and so these forums are now read-only.
If you have a question about your store in the meantime, please don't hesitate to reach out to us via email.

Session persistence with SSO implementation

I'm having trouble persisting sessions using fcsid with an SSO implentation. I am basically storing the fcsid with my site's user record, so that when they log in again I can restore their Foxy session. However, the Foxy loader js seems to always assign a new fcsid value even when I have set that cookie first. Am I going about it wrong?
Comments
  • brettbrett FoxyCart Team
    Hi @puremoxie. That's an interesting approach. What's your cart session lifespan in the "advanced" settings page in your admin? It's possible the session's dead by the time you're testing.

    If that's not the case, there may be something technical that's causing a problem, like the domain you're setting the cookie for.

    That said, we're working on a customer portal, and part of that is allowing a slightly different way of handling authentication, particularly as it relates to authenticating a Foxy customer on your site (and setting a cookie there). It's somewhat separate from the cart cookie, but I'm curious about your overall approach, as I'd love to see how what we're doing might or might not fit in (and, if it makes sense, perhaps keeping your use case in mind as we're continuing to develop the customer portal).
  • I currently have the lifespan set to 240 hours in admin.

    I'm testing by closing the browser and immediately reopening and logging in as a user to my site, so I don't think it is a lifespan issue. I do notice when inspecting the fcsid cookie in the browser that its expiration is set to "session." In theory, that shouldn't be a problem if I set it back to what it was before as soon as my user logs in. The loader js isn't included unless someone is logged in.
  • fc_adamfc_adam FoxyCart Team
    @puremoxie,

    Thanks for the additional details. Could we confirm with you how you're currently attempting to re-apply the existing session ID when the customer logs back in?
  • I'm just setting $_SESSION['fcsid'] from PHP.
  • I should be using setcookie() instead of setting to PHP's session variables. However, even when I set my own fcsid cookie and have it expire in 10 days prior to any Foxy loading, as soon as Foxy is loaded the fcsid cookie is overwritten by the loader.
  • Okay, my bad, it wasn't the loader. I had a script to retrieve the cart for display on my site and changing the following:
     FC.client.request('https://'+FC.settings.storedomain+'/cart)
    to
    FC.client.request('https://'+FC.settings.storedomain+'/cart?fcsid=<?=$_COOKIE['fcsid']?>')
    solved my problem.
  • fc_adamfc_adam FoxyCart Team
    @puremoxie,

    Sorry for the delay - glad you were able to get it working!
Sign In or Register to comment.