Forum OpenACS Q&A: ecommerce, new-user registration behavior

Regarding openacs4.6.3 installations, new-users (not logged in, not yet registered) using ecommerce,

/ecommerce/www/checkout.tcl appropriately redirects new-users to /ecommerce/www/register using:

    ec_redirect_to_https_if_possible_and_necessary

However, these files redirect to the standard openacs /register:

    ecommerce/www/review-submit.tcl
    ecommerce/www/mailing-list-add.tcl
    ecommerce/www/shopping-cart-save.tcl
    ecommerce/www/account.tcl

The result is that new-users lose user_session_id cookie and shopping basket contents etc.

Each file contains something like this near the beginning:

  if {$user_id == 0} {
      ad_returnredirect "/register?[export_url_vars return_url]"
      ad_script_abort
  }

Since these files are exposed to unregistered users (via links), shouldn't these files instead use:

    ec_redirect_to_https_if_possible_and_necessary

..so that the ec user_session_id is not lost (including shopping basket contents etc.)?

In the same way, http://domain/ecommerce/shopping-cart presents a "log in" link that points to /register

Would it be more consistent to have shopping-cart use the /ecommerce/register link for similar reasons?

If so, what should the link include (referer=shopping-cart)? Is it cleaner to link to a new file shopping-cart-register.tcl that includes ec_redirect_to_https_if_possible_and_necessary and otherwise redirects back to shopping-cart?

Torben

Collapse
Posted by Bart Teeuwisse on
Torben,

you are spot on. All ecommerce pages should use the same login track.

Ideally, ecommmerce should work with the common OpenACS login track. And it can, but does require some work. I belief that there's a patch in the old bug tracker over at sdm.openacs.org that could serve as an initial start. Hopefully a new ecommerce maintainer can rip out the ecommerce login track and  change ec_redirect_to_https_if_possible_and_necessary so that it uses the common OpenACS login track.

In the meantime I would suggest to use ec_redirect_to_https_if_possible_and_necessary with the ecommerce login pages.

/Bart

Collapse
Posted by Brad Duell on
Barts right.  Ecommerce definately doesn't need a seperate registration pipeline (it adds so much more overhead to the package customization and debugging process, not to mention it's redundant).

The patch I submitted back in the day is at:
http://sdm.openacs.org/sdm/one-patch.tcl?patch_id=437

We've had our ecommerce site up for a year (and I've developed a few other ecommerce sites) without needing the secondary registration process.

I'll check into a fresh copy of 5.0 to see how this patch applies to the package in it's current state.

Collapse
Posted by Torben Brosten on
Thanks for the confirm, Bart.

Brad,

I find it useful for 4.6.3 ecommerce to use a separate registeration, because new-users who have to register as part of making a purchase can be presented with a custom registration notice that would not make sense if presented from elsewhere on the website.

I haven't checked yet, but hope Openacs5 /register offers a generalized application of context aware (subsite?) custom login messages. If not, I'll have to see what it takes to add it.

Collapse
Posted by Brad Duell on
I can see a custom message being useful, but not at the expense of an entirely new authentication pipeline.

I don't think it would be hard to do what you want if it's not already in the toolkit.

Collapse
Posted by Torben Brosten on
Right, Brad. No, of course, not at the expense of a standardized solution. It's just exceptionally convenient that the separate ecommerce registration exists for openacs4.6.3. =)