Announcement

Collapse
No announcement yet.

Determining if user is logged in.

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Determining if user is logged in.

    I have some custom pages that are only accessible when the user is logged in. I use code like this to determine if a user is logged in:

    <mvt:if expr="NOT g.Customer:id">
    <mvt:exit />
    </mvt:if>

    However this doesn't seem to work fully. Let's say I compare a page that I have made "MYCUSTOMPAGE", to a built-in page ACLN (account landing page). Let's say I copy the links below from another user who is logged in on another PC.

    https://www.example.com/mm5/merchant...n=MYCUSTOMPAGE

    https://www.example.com/mm5/merchant...39&Screen=ACLN

    If I paste the first link into my browser, then it successfully opens MYCUSTOMPAGE (which is what I don't want).
    If I paste the second link in, it takes me to the log in page (which is what I want). How can I get my custom page to work like the ACLN page? Is it using cookies? (But I tried disabling cookies and it still worked.)

    I have toolkit installed.

    Note: I have the basket timeouts set to a very long time so users stay logged in.

    #2
    You can do something like this to redirect them to the login screen if they are not logged in:

    Code:
    <mvt:if expr="NOT g.basket:cust_id">
        <mvt:assign name="l.header" value="miva_output_header( 'Status', '302 Found' )" />
        <mvt:assign name="l.header" value="miva_output_header( 'Location', 'https://www.domain.com/mm5/merchant.mvc?Screen=LOGN' )" />
    
    </mvt:if>
    Brennan Heyde
    VP Product
    Miva, Inc.
    [email protected]
    https://www.miva.com

    Comment


      #3
      Thanks. I am aware of that. It looks like the URL's in my post are being trimmed by the forum software, I didn't notice that before. A key point is that the URL's include the session ID (hover over the link or copy to a text file to see that).

      That particular session ID is just bogus, but the idea is that it is from another browser/computer. If I paste that into my browser, whether or not I am logged in, the first link opens MyCustomPage successfully (i.e. it thinks I am logged in, which is not good). On the other hand, the second link takes me to the LOGN page, which is the behaviour I am trying to achieve.

      Andrew
      Last edited by AndrewP; 01-14-16, 04:57 PM.

      Comment


        #4
        Depending on how important privacy is on those pages, using a global variable would not be a good gaurentee. You'd want to actually test the customer's ID using either an availability group or perhaps using the gating features of our Developer Sandbox model (which can gate a page by IP OR actual Customer ID.
        Bruce Golub
        Phosphor Media - "Your Success is our Business"

        Improve Your Customer Service | Get MORE Customers | Edit CSS/Javascript/HTML Easily | Make Your Site Faster | Get Indexed by Google | Free Modules | Follow Us on Facebook
        phosphormedia.com

        Comment

        Working...
        X