ShopSite Forums

[JamesAHall]

I am trying to set up an order system for a subscription web site. We already use Shopsite for non-subscription items, and we'd like to use it along with the Automatic Recurring Billing from Authorize.net with this new subscription site.

Once a user creates an account on our site (it will initially be inactive), they will be directed to Shopsite to purchase the subscription. Once they are done I want to use the Shopsite Order API to activate their account by writing to our SQL database.

Is there some way, when I direct the customer to Shopsite, to pass along some information that can be contained within the order to properly identify them? Once they place the order I will need to know which account to activate. I could look at the email address and match it up with the email address on their user account, but that seems like a poor solution. I'd like to be able to include some custom data in the order that I could then read out of the order using the Order API.

Is that possible?

Thanks.

[JamesAHall]

Ok, from doing more digging, it would appear we need to upgrade to pro. Then I can add a hidden custom field that I will somehow pre-populate with the user ID (not sure how I do this). I can then get this value in the Order API after the order has completed and use it to update our DB.

What is the best way to pre-populate a field in ShopSite? Pass the value in the URL and read it out with JavaScript?

[Jim]

To pre-populate date you would probably need to put it in a cookie and then read the cookie when the shopper goes to the store. Note that your domain name must be the same in order for the cookie to be written by a store page and read by the shopping cart. An you must make the domain name broad enough that the cookie can be read by both the secure and non secure version of the url.

[JamesAHall]

Hmmm, that could be a problem, as the store already exists on one domain and this new subscription site will be a new domain. We were hoping to be able to do everything from one ShopSite store and not have to create a new one.

If the new domain redirects to the shopsite store on the old domain when you need to make a purcahse, is there any way to pass data? You can't do it through the URL? And you can't read a cross domain cookie?

[Jim]

The ShopSite cgis don't allow passing of additional parameters in the url as that is interpreted as a vulnerability by security validation software.

Cookies are designed to only be read by the domain that writes the cookie. To do otherwise is called cross-site scripting that is another security flaw.

You might find code other there on the web that will allow you to do something about reading cookies from one site on another but ShopSite does not support it.

[JamesAHall]

I have a workaround. I can redirect the user to a page on our other domain with the parameter in the URL. Then that page can write the cookie and redirect to the shopsite page. I'll then be able to read the cookie on the shopsite page.

The data in question really isn't a security issue, so there would be no benefit to anyone to hit the redirect page with bogus info. Still, I can probably do something with a hash to make it hard for someone to make a bogus hit on that page.