Error on Order Confirmation Page (Order-Confirm) When Order Placed Successfully in B2C Commerce

Publish Date: Dec 17, 2025
Description

On the B2C Commerce platform, if a user signs in with the "Remember me" checkbox ticked and then goes inactive for 30 minutes, the session they return to is unauthenticated but still tied to that customer. An order placed in this state is placed as a guest order, because the session customer has not been re-authenticated. The checks that prevent unauthorized order access then conclude that the order was placed by a different customer, so the order confirmation page displays an error even though the order has already been placed successfully. In other words, it is viewing the order that fails, not placing it.
This can create confusion for end customers who think the order was not placed successfully, given the error, which could lead them to attempt to place the same order again.

Solution

To solve the issue, prevent registered customers from placing guest orders – in other words, force users to either reauthenticate or log out fully. Obviously one wants to catch such cases early, no matter what part of the shopper journey they're on – not just when they start checkout, as they could have spent time creating a basket only to lose it and have to start over.

To accomplish that, you could create a dw.system.request.onRequest hook which detects a session in this state and redirects the user to the login page. The login page would have the usual "log in" and "create account" choices, but also another along the lines of "continue without logging in", which would simply log them out fully (URLUtils.url('Login-Logout')). You could add some sort of warning if they have an existing basket which would be at risk of being lost.

Importantly, the code excludes a few pipelines necessary for logging in or out, so that doing so is actually possible and not stopped by the hook. It also does not redirect __Analytics-Start, to avoid affecting analytics. Excluding ConsentTracking-* allows the out-of-the-box (OOTB) tracking/cookie consent modal to function.

For instructions on registering hooks, see SFRA Hooks.

'use strict';

/**
 * (dw.system.request.onRequest hook)
 * Detects a timed-out "remember me" session and redirects to force re-authentication or logout
 * @returns {dw.system.Status} Hook exit status 
 */
exports.onRequest = function() {
    // If a user is registered but not authenticated, they signed in with rememberMe=true and the session has since expired
    const isExpiredRememberMeSession = session.customer.registered && !session.customer.authenticated;
    // Check whether the current pipeline is excluded from the authentication check
    const excludedPipelines = [
        'Login-Show',                 // GET login form
        'Account-Login',              // POST login form
        'Login-Logout',               // Logout endpoint
        '__Analytics-Start',          // Analytics initialization
        'ConsentTracking-GetContent', // Tracking/cookie consent modal
        'ConsentTracking-SetConsent', // Tracking/cookie consent confirmation/denial
        'ConsentTracking-SetSession', // DEPRECATED non-CSRF(!) tracking/cookie consent confirmation/denial - should not actually be in use
        'ConsentTracking-Check'       // Remote-included by page.isml
    ];
    const isExcludedPipeline = excludedPipelines.some(pipeline => request.httpPath.endsWith('/' + pipeline));
    // If the session is applicable and the pipeline isn't in the exclusion list, redirect to login page
    if (isExpiredRememberMeSession && !isExcludedPipeline) {
        // Show clear messaging on login page to indicate cause of redirection
        response.redirect(dw.web.URLUtils.url('Login-Show'));
    }
    // Either the session is not applicable for the redirect or we are in an excluded pipeline
    return new dw.system.Status(dw.system.Status.OK);
};
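
Because the hook runs on every request, a mistake in the exclusion list can make the login page itself unreachable. The following is an added example, not part of the original article or of SFRA: a plain Node.js model of the hook's decision that follows redirects for each session state and reports any loop. The site path prefix and the probed pipelines are constructed sample values.

```javascript
'use strict';
// Added example: plain Node.js model of the hook's decision, no dw.* APIs.
// Pipeline names in EXCLUDED are the article's; PREFIX and PROBES are constructed.
const EXCLUDED = ['Login-Show', 'Account-Login', 'Login-Logout', '__Analytics-Start',
    'ConsentTracking-GetContent', 'ConsentTracking-SetConsent',
    'ConsentTracking-SetSession', 'ConsentTracking-Check'];
const PREFIX = '/on/demandware.store/Sites-Example-Site/en_US/';
const PROBES = ['Cart-Show', 'Order-Confirm', 'Login-Show', 'Account-Login', 'Login-Logout'];
const STATES = {
    anonymous: { registered: false, authenticated: false },
    remembered: { registered: true, authenticated: false }, // expired "Remember me"
    authenticated: { registered: true, authenticated: true }
};

// Same test as the hook: returns the redirect path, or null to let the request pass.
function decide(customer, httpPath, excluded) {
    const expired = customer.registered && !customer.authenticated;
    const isExcluded = excluded.some(p => httpPath.endsWith('/' + p));
    return expired && !isExcluded ? PREFIX + 'Login-Show' : null;
}

// Follow redirects as a browser would and report where the request settles.
function follow(customer, pipeline, excluded, maxHops) {
    let path = PREFIX + pipeline;
    for (let hops = 0; hops <= maxHops; hops++) {
        const target = decide(customer, path, excluded);
        if (target === null) return { settled: path, hops: hops, loop: false };
        path = target;
    }
    return { settled: null, hops: maxHops, loop: true };
}

// Every state/pipeline pair must settle: one hop for an expired session on a
// non-excluded pipeline, zero hops otherwise. Returns a list of violations.
function audit(excluded) {
    const problems = [];
    Object.keys(STATES).forEach(name => {
        PROBES.forEach(pipeline => {
            const expected = name === 'remembered' && !excluded.includes(pipeline) ? 1 : 0;
            const r = follow(STATES[name], pipeline, excluded, 5);
            if (r.loop) problems.push(name + ' ' + pipeline + ': redirect loop');
            else if (r.hops !== expected) problems.push(name + ' ' + pipeline + ': ' + r.hops + ' hops');
        });
    });
    return problems;
}

console.log(audit(EXCLUDED));                                 // [] : no violations
console.log(audit(EXCLUDED.filter(p => p !== 'Login-Show'))); // three "redirect loop" entries
```

Extend PROBES with any custom login, registration or password-reset routes your storefront uses before deploying changes to the exclusion list.
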
Knowledge Article Number

000628442

 