[Bug]: Cart for authenticated user is being presented to unauthenticated user #10645
Comments
|
You can work around this by resetting the cart cookie when signing out of the storefront, which will result in a new cart being created. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Package.json file
{ "name": "medusa-starter-default", "version": "0.0.1", "description": "A starter for Medusa projects.", "author": "Medusa (https://medusajs.com)", "license": "MIT", "keywords": [ "sqlite", "postgres", "typescript", "ecommerce", "headless", "medusa" ], "scripts": { "build": "medusa build", "seed": "medusa exec ./src/scripts/seed.ts", "start": "medusa start", "predeploy": "medusa db:migrate", "dev": "medusa develop", "test:integration:http": "TEST_TYPE=integration:http NODE_OPTIONS=--experimental-vm-modules jest --silent=false --runInBand --forceExit", "test:integration:modules": "TEST_TYPE=integration:modules NODE_OPTIONS=--experimental-vm-modules jest --silent --runInBand --forceExit", "test:unit": "TEST_TYPE=unit NODE_OPTIONS=--experimental-vm-modules jest --silent --runInBand --forceExit" }, "dependencies": { "@medusajs/admin-bundler": "2.1.2", "@medusajs/admin-sdk": "^2.1.2", "@medusajs/cli": "^2.1.2", "@medusajs/framework": "^2.1.2", "@medusajs/medusa": "^2.1.2", "@medusajs/workflows-sdk": "2.1.2", "@mikro-orm/core": "5.9.8", "@mikro-orm/knex": "5.9.8", "@mikro-orm/migrations": "5.9.8", "@mikro-orm/postgresql": "5.9.8", "awilix": "^8.0.1", "express": "^4.21.2", "pg": "^8.13.1", "zod": "^3.24.1" }, "devDependencies": { "@medusajs/test-utils": "^2.1.2", "@mikro-orm/cli": "5.9.8", "@swc/core": "1.10.1", "@swc/jest": "^0.2.37", "@types/express": "^4.17.21", "@types/jest": "^29.5.14", "@types/node": "^20.17.10", "@types/react": "18.3.17", "@types/react-dom": "18.3.5", "jest": "^29.7.0", "prop-types": "^15.8.1", "react": "18.3.1", "react-dom": "18.3.1", "ts-node": "^10.9.2", "typescript": "^5.7.2", "vite": "5.4.11" }, "engines": { "node": "22.11.0", "yarn": "4.5.1" }, "packageManager": "[email protected]" }Node.js version
v22.11.0
Database and its version
PostgreSQL 16.6 (Ubuntu 16.6-0ubuntu0.24.10.1)
Operating system name and version
Ubuntu on Raspberry pi
Browser name
Arc
What happended?
Unauthenticated carts get updated to authenticated when a cart is active and a user signs in. If the user has a specified price list, the cart is updated to the price list prices, and the cart gets the customer_id object assigned.
If the user then signs out of the storefront, the cart is not updated to the unauthenticated prices, and the backend continues to return the same cart (presumably because the client stores the cart ID in the client cookies).
Expected behavior
I expected the backend to not allow access to the authenticated cart without an authentication session, and to reply that there is no cart, or an error that the client can recover from by deleting the cart cookie.
Actual behavior
The cart with the authenticated price list prices is offered instead, resulting in weird behavior where the line items are shown with the correct price, but the total prices uses the price list prices.
Link to reproduction repo
https://github.com/medusajs/medusa
The text was updated successfully, but these errors were encountered: