Regarding OpenACS 4.6.3 installations and new users (not logged in, not yet registered) using ecommerce:
/ecommerce/www/checkout.tcl appropriately redirects new users to /ecommerce/www/register using:
    ec_redirect_to_https_if_possible_and_necessary
However, these files redirect to the standard OpenACS /register:
    ecommerce/www/review-submit.tcl
    ecommerce/www/mailing-list-add.tcl
    ecommerce/www/shopping-cart-save.tcl
    ecommerce/www/account.tcl
The result is that new users lose the user_session_id cookie, shopping basket contents, etc.
Each file contains something like this near the beginning:
    if {$user_id == 0} {
        ad_returnredirect "/register?[export_url_vars return_url]"
        ad_script_abort
    }
Since these files are exposed to unregistered users (via links), shouldn't these files instead use:
    ec_redirect_to_https_if_possible_and_necessary
...so that the ec user_session_id is not lost (including shopping basket contents etc.)?
In the same way, http://domain/ecommerce/shopping-cart presents a "log in" link that points to /register.
Would it be more consistent to have shopping-cart use the /ecommerce/register link for similar reasons?
If so, what should the link include (referer=shopping-cart)? Is it cleaner to link to a new file shopping-cart-register.tcl that includes ec_redirect_to_https_if_possible_and_necessary and otherwise redirects back to shopping-cart?
Torben
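
An audit for the pattern described in the post, as an added example that is not part of the original post or of OpenACS: it lists every .tcl page that sends visitors to the site-wide /register and notes whether the page also calls ec_redirect_to_https_if_possible_and_necessary. The regex is built from the snippet quoted above; the sample pages are constructed and `old.tcl` is a hypothetical file name.

```python
import re
import tempfile
from pathlib import Path

# Redirect whose target starts with the site-wide /register (not /ecommerce/register).
SITE_REGISTER = re.compile(r'ad_returnredirect\s+"?/register\b')
# Helper the post names as the one checkout.tcl uses.
EC_HELPER = "ec_redirect_to_https_if_possible_and_necessary"

def audit_source(text):
    """Return 1-based line numbers that redirect to the site-wide /register."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith("#"):  # skip Tcl comment lines
            continue
        if SITE_REGISTER.search(stripped):
            hits.append(number)
    return hits

def audit_tree(root):
    """Map each flagged .tcl file under root to (line numbers, calls_ec_helper)."""
    report = {}
    for path in sorted(Path(root).rglob("*.tcl")):
        text = path.read_text(encoding="utf-8", errors="replace")
        lines = audit_source(text)
        if lines:
            report[path.relative_to(root).as_posix()] = (lines, EC_HELPER in text)
    return report

# Constructed sample pages (not real OpenACS sources), modelled on the post's snippet.
SAMPLES = {
    "account.tcl": 'if {$user_id == 0} {\n'
                   '    ad_returnredirect "/register?[export_url_vars return_url]"\n'
                   '    ad_script_abort\n}\n',
    "checkout.tcl": EC_HELPER + "\n",
    "old.tcl": '# ad_returnredirect "/register?[export_url_vars return_url]"\n',
}

def demo():
    """Write the constructed samples to a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in SAMPLES.items():
            Path(tmp, name).write_text(body, encoding="utf-8")
        return audit_tree(tmp)

if __name__ == "__main__":
    for name, (lines, has_helper) in demo().items():
        print(f"{name}: /register redirect at lines {lines}, ec helper: {has_helper}")
```

Point `audit_tree` at the package's www directory to list the pages that still need review.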