Page Comparison

Every call in the MyAccount REST API uses two cookies for authentication:

UltraCartMerchantId - Merchant ID

UltraCartShoppingCartId - Cart ID

This is to remain consistent with the UltraCart shopping cart engine. Using the same two cookies avoids multiple login prompts to the customer.

These cookies are automatically set by the login methods, so after login, security is transparent.

Most pages may use a simple model to handle expired sessions or invalid logins:

var redirectToLogin = function () {
  var location_href = "index.html";
  if (location.hash && location.hash.length > 0) {
    location_href += "?hash=" + location.hash.substring(1);
  }
  location.href = location_href;
};
jQuery(document).ajaxError(function (event, xhr) {
  if (xhr.status == 401)
    redirectToLogin();
});

Be aware that the valid presence of these two cookies is not enough to constitute a "logged in" status. The customer must have submitted their profile username and password as some point and the server must have a flag set on its internal record denoting the customer as logged. So do not assume that just because you're seeing these two cookies accompany REST calls that the customer is logged in.