How to log in an user (web context) via user's id

I have an odd question and I will require a solution. I wrote a custom payment class (FAC) for minishop2 to take credit card payments via the website. FAC requires you to securely post the credit card information + the amount to their API. To do this, you generate a curl call which then generates some JavaScript code and return that call to your page. That call will then redirect to their gateway and process the payment.

Here is the issue that I’m finding… whenever the code redirects to their gateway, something in that code is ending the users’ session (both web + mgr). The payment is still processed (successful, failed, etc) but because the users’ session was ended, the user will have to log in again to see the payment results.

Here’s my question, if I have the user’s id when the payment is submitted, can I log in the user again once the result is returned? If so, how can I do this?

Does the code delete the MODx cookie? Maybe you can check in the developer tools of the browser (tab “Storage”).

It is deleting the PHPSESSID.

It seems to me that without the cookie, you would need another way to authenticate the user (when he makes the next request).

Maybe you can issue a JWT token for that and then run a custom login processor that extends modSecurityLoginProcessor. (I’m not sure if this is a good idea though, as it will potentially create new security issues.)

Can I temporary store that cookie in a session, restore it and then destroy that session? Could that be a security risk? Would it even work?

Lol now re read your message properly