...
A user does not need to be authenticated to add to their cart. Aptify now assigns unique anonymous tokens to unauthenticated users. These tokens are assigned to the cart in the TokenId field as part of the Ensure Active Cart Exists process flow. When an anonymous user converts to an authenticated user the global event AfterServicesLogon is fired. An synchronous event handler takes care of updating the cart associated with the current anonymous token to the newly authenticated user. If the user already had an active cart associated with their web user id, that cart is moved to Saved status so the current shopping experience is preserved.
Sensitive Data in the Order
Since we're serializing the order to plain text XML and storing it on the shopping cart record, it is imperative the shopping cart entity plugin stops sensitive data from being written out. If the order has payment information written out the Web Shopping Cart entity plugin will reject the save. The stock system looks for:
- CCAccountNumber being populated on the Order
- PaymentInformationID being > 0 on the order
- the _xCCSecurityNumber temporary field being set
If there is additional information on your order related to payments, you should extend the Web Shopping Cart entity plugin and add additional checks.