How to log in an user (web context) via user's id

random_noob · October 11, 2021, 4:41pm

I have an odd question and I will require a solution. I wrote a custom payment class (FAC) for minishop2 to take credit card payments via the website. FAC requires you to securely post the credit card information + the amount to their API. To do this, you generate a curl call which then generates some JavaScript code and return that call to your page. That call will then redirect to their gateway and process the payment.

Here is the issue that I’m finding… whenever the code redirects to their gateway, something in that code is ending the users’ session (both web + mgr). The payment is still processed (successful, failed, etc) but because the users’ session was ended, the user will have to log in again to see the payment results.

Here’s my question, if I have the user’s id when the payment is submitted, can I log in the user again once the result is returned? If so, how can I do this?

halftrainedharry · October 11, 2021, 5:09pm

Does the code delete the MODx cookie? Maybe you can check in the developer tools of the browser (tab “Storage”).

random_noob · October 11, 2021, 5:32pm

It is deleting the PHPSESSID.

halftrainedharry · October 11, 2021, 6:29pm

It seems to me that without the cookie, you would need another way to authenticate the user (when he makes the next request).

Maybe you can issue a JWT token for that and then run a custom login processor that extends modSecurityLoginProcessor. (I’m not sure if this is a good idea though, as it will potentially create new security issues.)

random_noob · October 11, 2021, 7:26pm

Can I temporary store that cookie in a session, restore it and then destroy that session? Could that be a security risk? Would it even work?

random_noob · October 11, 2021, 7:27pm

Lol now re read your message properly