Anonymous sessions

Overview

Anonymous sessions let guest users interact (e.g. view products, manage carts) without logging in. They are created automatically when needed (e.g. on the first cart operation), stored in HTTP-only cookies (encrypted and signed), and are required for guest cart operations and guest checkout. The frontend does not manage them; the backend creates and stores tokens transparently.

How It Works

  1. Request — When a cart operation is attempted and no access token exists, the system requests an anonymous token from the ecommerce platform.
  2. Response — The platform returns an access token and refresh token with scopes for anonymous users.
  3. Storage — Tokens are stored in HTTP-only cookies, together with metadata indicating whether the session is anonymous or authenticated. They expire according to the platform's token lifetime and can be refreshed automatically.
  4. Guest cart — The guest cart ID is stored separately in the cart-guest-{currency} cookie (see Cart).
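
The storage step, sketched as an added example (not SHOPin's own code): one way a backend could seal the token pair and the anonymous/authenticated flag into an HTTP-only cookie value so that a client cannot read or alter them. AES-256-GCM, the key derivation, the cookie name `session-demo` and the field names are assumptions; the page does not specify them.

```javascript
const crypto = require('node:crypto');

// Assumption: a 32-byte server-side key; derived here from constructed values.
const KEY = crypto.scryptSync('constructed-demo-secret', 'constructed-salt', 32);

// Encrypt and authenticate the token bundle; the GCM tag covers every field,
// including the anonymous/authenticated flag.
function sealSession(session, key = KEY) {
  const iv = crypto.randomBytes(12); // fresh nonce for every cookie value
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(JSON.stringify(session), 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString('base64url');
}

// Returns the session object, or null for a missing, malformed or modified value.
function openSession(value, key = KEY) {
  try {
    const raw = Buffer.from(value, 'base64url');
    if (raw.length <= 28) return null; // 12-byte IV + 16-byte tag + ciphertext
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
    decipher.setAuthTag(raw.subarray(12, 28));
    const plain = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    return JSON.parse(plain.toString('utf8'));
  } catch {
    return null; // tag mismatch or bad JSON: treat as "no session"
  }
}

// True once the access token lifetime has passed and a refresh is due.
function needsRefresh(session, now = Date.now()) {
  return now >= session.expiresAt;
}

// Set-Cookie header value; HttpOnly keeps the tokens away from page scripts.
function sessionCookie(name, session, maxAgeSeconds, key = KEY) {
  const value = sealSession(session, key);
  return `${name}=${value}; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=${maxAgeSeconds}`;
}

// Constructed sample: token strings and cookie name are placeholders.
const sample = { type: 'anonymous', accessToken: 'constructed-access',
  refreshToken: 'constructed-refresh', expiresAt: Date.now() + 3600 * 1000 };
console.log(sessionCookie('session-demo', sample, 3600));
console.log(openSession(sealSession(sample)).type);
```

Because the session type sits inside the authenticated ciphertext, editing the cookie to turn `anonymous` into a customer session makes `openSession` return `null` instead of a forged session.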

Login and Logout

  • Login — The anonymous session token is passed to the platform login endpoint, which merges the guest cart. After login, anonymous tokens are replaced with customer tokens and the guest cart cookie is replaced with the logged-in cart cookie. See Cart — Login Flow.
  • Logout — All tokens and cart ID cookies are cleared. A new anonymous session is created automatically on the next cart operation. See Cart — Logout Flow.

Frontend

No manual session handling is needed. The useCart() and useAddToCart() hooks work for both guest and authenticated users; the backend handles anonymous sessions and cookie state.
