It is possible to create a site outside of CheckoutChamp that has login capability to a Membership Portal. Any user that logs in will remain logged in when navigating between the sites. The user may also checkout using their card on file.
Assumptions
This document is for developers attempting to link a non-CheckoutChamp site (“Shopping”) and a CheckoutChamp site (“Checkout”) with a single sign-on. A returning consumer can login on the Shopping site and remain logged in as they navigate between Shopping, Checkout, and Membership sites.
There are 3 sites available
A Shopping site (not in CheckoutChamp)
A Checkout site (in CheckoutChamp)
A Membership login page (in CheckoutChamp). This can be part of a larger Membership Portal, but it can also be only a login page.
You have a choice to place these sites on the same domain and/or subdomain. Checkout and Membership pages can be in the same funnel within CheckoutChamp. If they are in different funnels those funnels must use the same root domain but can use different subdomains.
Login (when Shopping site is on a different root domain)
Login adds a cookie to the Membership site root domain. That cookie contains an access token that expires in 24 hours. Members must login again after 24 hours. Since the Checkout site and Membership site have the same root domain, they will share cookies and will be automatically logged in. Since the Shopping site is on a different root domain, it needs to include an iframe to the Membership site to read the cookie.
Steps to activate login:
Place some kind of Login option on the Shopping site. When the Login option is chosen, redirect the user to the CheckoutChamp membership login page. The proper redirect format is https://www.membership.com/login?redirectToMe=https://www.shoppingsite.com/home
“www.membership.com/login” is the CheckoutChamp login page URL
“https://www.shoppingsite.com/home” is the Shopping site page where the user is to be returned after successful login
Place the following script into the body of all pages in the Shopping site
Set the membershipdomain variable on line 2 to your Checkout domain. This should be the domain only, not a specific page.
Set the shoppingdomain variable on line 3 to your Shopping domain. This should be the domain only, not a specific page.
For Chrome, Firefox, and Edge browsers, line 22 displays the returned value from the login event. The line can be removed. It is listed here as an starting point to display login information on the Shopping site, such as a first and last name. This is optional.
Safari browsers need additional attention to properly store the SSO cookie [Chandra - I do not understand the steps in your document. Let us work on steps that are obvious to less experienced developers. Please provide an example.]
<script> var membershipdomain = "https://www.membership.com"; var shoppingdomain = "https://www.shoppingsite.com"; var ifrm = document.createElement("iframe"); ifrm.setAttribute("id", "ifmcrossoriginid"); ifrm.setAttribute("name", "ifmcrossorigin"); ifrm.setAttribute("src", membershipdomain + "/iframe.html?shoppingdomain=" + shoppingdomain); ifrm.setAttribute("class", "btn-primary"); ifrm.style.width = "109px"; ifrm.style.height = "36px"; ifrm.style.border = "none"; if(!navigator.userAgent.includes("Chrome") && navigator.userAgent.includes("Safari") && document.referrer === membershipdomain){ ifrm.style.display = "block"; document.getElementById("modal_request_access").appendChild(ifrm); } else { ifrm.style.display = "none"; document.body.appendChild(ifrm); } window.addEventListener("message", (event) => { if (event.origin !== membershipdomain) return; // This event.data will have the first name and the last name. console.log(event.data); } , false); function logoutMembership(){ var iframe = document.getElementById('ifmcrossoriginid'); var win; try { win = iframe.contentWindow;} catch(e) { win = iframe.contentWindow;} win.postMessage("logout", membershipdomain); } </script>
Logout (when Shopping site is on a different root domain)
The script in the Login section contains a logoutMembership() function. Call this function when the user logs out. The user will be logged out from both the Shopping site and Checkout site. It is advised to also remove any login information that you previously saved in the browser, such as user first and last name.
Login (when Shopping site is on same root domain)
Login adds a cookie to the root domain. That cookie contains an access token that expires in 24 hours. Members must login again after 24 hours. Since all the sites have the same root domain, they will share cookies and will be automatically logged in.
Place some kind of Login option on the Shopping site. When the Login option is chosen, redirect the user to the CheckoutChamp membership login page. The proper redirect format is https://member.shoppingsite.com/login?redirectToMe=https://www.shoppingsite.com/home
“member.shoppingsite.com/login” is the CheckoutChamp login page URL
“https://www.shoppingsite.com/home” is the Shopping site page where the user is to be returned after successful login
Once the user is redirected back to the shopping site, access document.cookie to read the user information. You can also add the following script to read the cookie and add it as a separate javascript objects.
const cookieData = {}; if (document.cookie) { var cookies = document.cookie.split(";") cookies.forEach(function (d) { var cookieName = d.split("=")[0].trim(); var cookieVal = d.split("=")[1].trim(); if (cookieVal) { cookieData[cookieName] = cookieVal; } }) }
Logout (when Shopping site is on same root domain)
Add the following script to the Shopping site. Execute clearCookies() when the user logs out. If you wish to keep some cookies specific to the Shopping site, then rewrite clearCookies() to retain the desired cookies.
function clearCookies() { const cookies = document.cookie.split("; "); cookies.forEach((cookie) => { const name = cookie.split("=")[0]; if (name) { setCookie(name, "", false); } }); document.cookie = ""; } function setCookie(name, value, allowCrossOrigin){ var sameSite = allowCrossOrigin ? "; SameSite=None; Secure" : ";"; document.cookie = name + "=" + value + "; domain=" + document.domain.split('.').reverse().splice(0,2).reverse().join('.') + sameSite; }