Tuesday, April 2, 2019

Behavior of a Shopper's Authentication Status in the Web Store when the Web Browser is Closed and Re-launched

Shoppers need to log in to the web store in order to submit their orders securely through NetSuite's secured checkout pages.


If the browser crashes or is closed accidentally, the shopper can re-launch the browser, go back to the web store, and find that they still appear to be logged in. Once they navigate to any of the secured pages of the web store, however, they are asked for their username and password again, even though the web store shows that they are logged in.


This happens because the shopper's Entity ID still exists in the source code of the web store, as a result of caching in the browser.


This is by design: caching and cookies allow information to be restored so that the shopping experience is as smooth as possible.


In the example above, once the browser crashes or is closed accidentally, the information in the cart can be recovered so that the shopper can continue shopping once the browser is re-launched. This is why the Sign Out link still shows on the web store: it indicates that the shopper is in a semi-authenticated state.


However, when the shopper crosses into the checkout domain, where data becomes more sensitive, they are required to complete a full, secure authentication (re-login).
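The two-tier behavior described above can be modeled as follows. This is an added example, not NetSuite's code: the cookie names, paths, token scheme and helper functions are all assumptions chosen to illustrate a "recognized" identity that survives a browser restart and a full login that does not.

```javascript
// Two-tier session model. Cookie names, paths and helpers are hypothetical.
const SECURE_PREFIXES = ["/checkout", "/my-account"];
const recognized = new Map();    // persistent token -> entityId (cart recovery only)
const authenticated = new Map(); // session token -> entityId (full login)
let counter = 0;
// Constructed, predictable tokens keep the demo deterministic; use a CSPRNG in real code.
const newToken = (kind) => `${kind}-${++counter}`;

// Full login issues both cookies and returns the browser's cookie jar.
function login(entityId) {
  const remember = newToken("remember");
  const auth = newToken("auth");
  recognized.set(remember, entityId);
  authenticated.set(auth, entityId);
  return {
    remember: { value: remember, persistent: true }, // has an expiry, kept on disk
    auth: { value: auth, persistent: false },        // session cookie, lost on exit
  };
}

// A crash or close drops every cookie that has no expiry.
function relaunchBrowser(jar) {
  return Object.fromEntries(Object.entries(jar).filter(([, c]) => c.persistent));
}

function authState(jar) {
  const full = jar.auth ? authenticated.get(jar.auth.value) : undefined;
  const known = jar.remember ? recognized.get(jar.remember.value) : undefined;
  // Both cookies must name the same shopper, or the auth cookie is ignored.
  if (full !== undefined && full === known) return "authenticated";
  return known !== undefined ? "recognized" : "anonymous";
}

// Storefront pages accept a recognized shopper; secured pages demand a full login.
function authorize(jar, path) {
  const state = authState(jar);
  const secure = SECURE_PREFIXES.some((p) => path === p || path.startsWith(p + "/"));
  if (!secure) return { state, allow: true, showSignOut: state !== "anonymous" };
  if (state === "authenticated") return { state, allow: true, showSignOut: true };
  return { state, allow: false, redirect: "/login?next=" + encodeURIComponent(path) };
}
```

The gate is enforced on the server for every secured path, so the Sign Out link shown in the recognized state is only a display hint and grants nothing by itself.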



Note: An Enhancement request has already been filed for the ability to retain the shopper's authenticated (logged-in) session even if the browser crashes or is closed and then re-launched. This is under Enhancement #244323.
