This is an unusuall topic about how (the layout) authentication should be on
a site using MS Commerce Server.

I need any advice i can get regarding this issue, plz:

An anonymous user can add items to his (anonymous) basket, but cannot
proceed to check out or access the account related pages.

If the anonymous user logs on /create a new account then his basket is
migrated to the authenticated account and deleted from the anonymous account
.
(althouh I think there should be a page that asks the user about moving the
basket or start shopping from scrath)

If the authenticated user doesn't log out and the "remember me" is not set
during logon. then his session expires.
If the user selectes the "remember me" option during log on then even after
his session expires the website still remembers him. But he is still require
d
to log on to access the checkout page or edit account info.

Is this algorithm good enough or should there be other steps/procedures to
handle users ??

[ Post a follow-up to this message ]

Hi Steve,

That sounds like a pretty standard approach to authentication in B2C
commerce scenarios.  I don't think I would bother the user with requesting
confirmation on movement of the basket during authentication though.

Cheers,
Colin

"Steve" <Steve@discussions.microsoft.com> wrote in message
news:A630E783-C4CC-47CE-830B-D34C94CDBF28@microsoft.com...
> This is an unusuall topic about how (the layout) authentication should be
> on
> a site using MS Commerce Server.
>
> I need any advice i can get regarding this issue, plz:
>
> An anonymous user can add items to his (anonymous) basket, but cannot
> proceed to check out or access the account related pages.
>
> If the anonymous user logs on /create a new account then his basket is
> migrated to the authenticated account and deleted from the anonymous
> account.
> (althouh I think there should be a page that asks the user about moving
> the
> basket or start shopping from scrath)
>
> If the authenticated user doesn't log out and the "remember me" is not set
> during logon. then his session expires.
> If the user selectes the "remember me" option during log on then even
> after
> his session expires the website still remembers him. But he is still
> required
> to log on to access the checkout page or edit account info.
>
> Is this algorithm good enough or should there be other steps/procedures to
> handle users ??

[ Post a follow-up to this message ]