We’ve identified an issue related to customer ID management on the shop site when using the new customer accounts system.
When attempting to retrieve the customer ID via meta.page.customerId (or even __st), the value may sometimes return as undefined, despite the user appearing to be authenticated on the account page.
This typically occurs when cookies—specifically the _shopify_essential cookie—have been cleared for the shop site. As a result, the user believes they are still logged in, but the shop site extensions cannot detect their authentication status because the customerId is unavailable.
This discrepancy can lead to confusion, as the user’s account page remains accessible while the rest of the site fails to recognize them as authenticated.
Please let us know if you need more details or a recommended workaround.
This behaviour happens because the new customer accounts operate on a separate authentication layer from your shop site, creating two distinct authentication contexts. When the _shopify_essential cookie is cleared on the shop domain, the JavaScript-based detection methods like meta.page.customerId and __st lose their reference, even though the customer remains authenticated on the accounts domain.
For detecting this mismatch, you’ll probably want to implement a check that compares the authentication states between both domains. The approach depends on your specific implementation - are you building a theme extension, an app, or working with custom theme code? Just want to understand your use case here so I can help as best as possible.
The best approach, if you’re using Liquid though, would likely be to leverage the customer object to verify if they’re logged in or not: Liquid objects
Let’s say I’m building a Liquid extension that needs to display customer information. If the cookies are cleared on the storefront, my extension won’t be able to access customer-related data (even with liquid objects) because the _shopify_essential cookie is missing. As a result, my extension prompts the user to log in.
However, when the user navigates to the account section to log in, they’ll see that they’re already logged in (since the customer account context is still active). The only workaround at the moment is for the user to manually log out and log back in, which resets the _shopify_essential cookie and allows the extension to detect the logged-in state and datas properly.
It would be expected that visiting the customer account domain would reset the _shopify_essential without having to log out then log in again so that there is no mismatch between the two authentification layers which are tightly related.
No worries @Raphael_Pare - thanks for clarifying things! My understanding is that this is expected behaviour, but I’ll do some further digging on my end and loop back with you once I have more info/workarounds to share.
For instance, tried to recreate the issue by deleting the cookies on my storefront (appearing “logged out”) then visiting account section (appearing “logged in”), going back to storefront (still appearing “logged out”) => mismatch
Hey @Raphael_Pare - thanks for following up on this, I do have some information to share. The issue in that other thread is slightly different (in that they were able to retrieve customer info, but it disappeared after 24 hours) and that the behaviour you’re seeing here is expected since since the storefront of a shop and the customer account page are technically on different domains.
The fix that was deployed per that thread extends session duration from 24 hours to 30 days for new sessions, preventing customer data from disappearing due to timeout - but it doesn’t address the manual cookie deletion scenario you’re describing.
If users are already logged in on the account page, and go to checkout/click the login link, they should be automatically logged back in on the storefront. Other than that, logging out and logging in again is the only solution at the moment.
I definitely understand it’s not ideal, so I’m going to put through a feature request so that we can officially log this for our product team.
Let me know if I can clarify anything on our end here.
