redirect after user creation
Hi,
I just finished setting up everything, and it works well. A little
detail whould help me though :
Would it be possible to add the custom_code as a param when redirecting the customer after he gave his CB numbers ? I mean that I'm using the "Return Locations" in "Hosted Page" config, instead of sending the user back to http://app.360learning.com/blablaba, you could send him to http://app.360learning.com/blablaba?code=xxxx. I'm asking this because I have some setting up to do after a user has paid, so instead of checking on cheddargetter if a user has paid every time he comes through the loggin page, I can do the settup only when this url is called with his code (and then only will this user be marked as "paid" on my end, and i'll have to check each times he logs in if he hasn't canceled his CB or whatever).
Thank's in advance for your help !
Discussions are closed to public comments.
If you need help with Cheddar please
start a new discussion.
Keyboard shortcuts
Generic
| ? | Show this help |
|---|---|
| ESC | Blurs the current field |
Comment Form
| r | Focus the comment reply box |
|---|---|
| ^ + ↩ | Submit the comment |
You can use Command ⌘ instead of Control ^ on Mac
Support Staff 1 Posted by Marc Guyer on 16 May, 2012 12:38 PM
Hi Sebastien -- We don't do this due to security issues. The recommended way to accomplish that is using the API (or the quick status lookup). You can do this only once and flag the customer as verified in your db or some other mechanism. Also, we are in final testing of a shiny new hook system that you could use for this purpose. Here's the documentation on that:
http://support.cheddargetter.com/kb/operational-how-tos/web-hooks-s...
We're planning to make it available to everyone in a week or so.
Even if you use the hook, it is recommended to check a customers status periodically since it could change at any time. Otherwise, you could be providing service to customers who have stopped paying.
2 Posted by Sebastien Migno... on 16 May, 2012 12:50 PM
Ok thank's, I'll look at the hooks.
(btw, I don't quite get the security issue, since the customer can already get the custom code param when we send him to the payment page. as long as i understand that blablaba?code=xxx can be called by anyone on the net, and make the necessary verification of course)
Support Staff 3 Posted by Marc Guyer on 16 May, 2012 12:59 PM
Correct, the main issue is that anyone can guess the ?code=xxx. However, when a person is signing up, they're signing up as themselves so changing ?code=xxx to ?code=yyy has no effect. The risk arrises since the redirection could be highjacked and replayed by someone else, effectively stealing the real user's account.
4 Posted by Sebastien Migno... on 16 May, 2012 01:05 PM
The service hook for the event user creation will do exactly what I need, that's prefect, thank's!
Is there somewhere I can "subscribe for update" to get a mail when the hooks will be available ?
5 Posted by adam on 16 May, 2012 02:29 PM
Hi Sebastien, we'll send out a newsletter when this is released next week. Since you are a CheddarGetter user you will automatically receive it.
Thanks,
Adam
Dean closed this discussion on 22 Jan, 2013 10:36 PM.