Cart

Guest and logged-in users have separate carts; cart IDs are stored in backend-managed cookies. Details below.

Cart ID Storage

Cookie names are currency-specific:

• Guest: cart-guest-{currency} (e.g. cart-guest-USD)
• Logged-in: cart-logged-{currency} (e.g. cart-logged-EUR)

Cookie attributes:

• HttpOnly, SameSite strict
• Max age: 30 days (configurable)
• Each currency has its own cart; switching currency shows a different cart (or no cart if none exists). Currency is derived from the current language/locale

Login Flow

• Before login — Backend captures the guest cart ID if present
• During login — Platform merge endpoint is called with the anonymous session token; guest cart is merged into the customer's cart
• After successful login:
  • Backend deletes the guest cart cookie
  • Backend retrieves the active (merged) cart and sets the logged-in cart ID cookie
  • Frontend invalidates cart queries to refetch

The frontend does not perform cart merging.

Logout Flow

Backend:

• Deletes all cart ID cookies (guest and logged-in)
• Clears authentication tokens

Frontend:

• Clears React Query cache for cart and customer data
• Sets cart data to null

After logout the user has no cart; a new guest cart is created when the first item is added.

The frontend does not manage cart IDs; it relies on the backend for cookies and state.

Back to Cart & authentication · Back to How to work with SHOPin