- We are using Cakephp framework version 2.0.6
- The site is “supposed” to allow an anonymous user to “add to cart.”
- We are using the session id (using cake’s native session class) to store the anonymous user’s information in a db table.
- When the user goes to checkout, then we want to ask “are you a current member? If so, click yes to login or no to create an account.“
ISSUE:
Regardless of what they choose, the user either then has to login, or create a new user/pass (and then login) which is causing cakephp to regenerate a session ID. This is making it impossible in the new session to grab what that user added to the cart when they were anonymous just 5 minutes prior. In other words, the anonymous user’s session id changes between when they are anonymous and after they login/create-user, making it impossible to identify their cart post-login.
Is there a way to prevent cakephp from regenerating a session in this scenario, or a better way to accomplish what we are trying to do while still keeping our order flow (ie: anonymous being allow to add to cart, before login/create)?
It is this reason that shopping carts are more often than not stored in Cookies. That way you can easily retrieve the saved information post-authentication.
If you insist on using Sessions to store this data, consider setting your Security.level setting to ‘low’. That should prevent CakePHP from regenerating the session ID.