Hi, I have an issue with the customer account order status page ({{ customer_order_url }}) when a customer places an order on one device and then opens the confirmation email on another device (e.g., mobile). You can reproduce this by copying the order status URL and pasting it into an incognito window. The page displays “Order not found”, which makes sense since there is no customer ID information, and the user is not logged in.
However, on the old order status page ({{ order_status_url }}), it was possible to check the order status even in incognito mode. If I recall correctly, there were multiple security levels. These mechanisms ensured that customer information remained secure and that only verified users could access detailed order details, but basic order information was still visible.
Is it possible to implement a similar approach on the new order status page? It is highly undesirable for customers to access their order status from another device and encounter an “Order not found” message.
If achieving a similar mechanism to the old order status page is not possible, can I at least display a login button with a message informing the customer that they need to log in to view their order?
Thanks, I did it, but it redirects to the old version of the order status page. I want the customer to reach the new version instead. I implemented a custom app there.
EDIT: I have an idea. My client uses the new customer account page already but still uses the old Thank You Page template. Is it possible that they need to fully update the new Checkout, including the Thank You Page, to avoid being redirected to the old Order Status page when using {{ order_status_url }}? I’m confused.
Correct, them upgrading their thank you and order status pages would allow you to use {{ order_status_url }}, but it won’t fix the issue for all shops.
You’re right that this is looking like a bug with {{ customer_order_url }}; I’m talking to my team to understand how we can resolve this. Ideally, {{ customer_order_url }} would be used when you need to redirect customers to an authenticated order status page, and require them to authenticate if they are logged out. {{ order_status_url }} would continue supporting the use case of showing the page to customers even if they’re not logged in (authorization token that eventually expires, and then redirects you to the redacted version of the page), but does not allow them to take any action unless they log in.
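The tiered access described in the reply above (a link token that expires, a redacted fallback, and login required for actions), sketched as an added example that is not part of the thread and not Shopify's implementation. The HMAC token format, the signing key, the 14-day lifetime, the redacted field set and all function names are assumptions.

```python
import hashlib
import hmac
from typing import Optional

SECRET = b"constructed-demo-key"   # assumption: server-side signing key
TOKEN_TTL = 14 * 24 * 3600         # assumption: link lifetime, in seconds
PUBLIC_FIELDS = ("id", "status")   # assumption: what the redacted page shows

# Constructed sample order, not real data.
ORDER = {"id": "1001", "customer_id": "cust_42", "status": "shipped",
         "email": "buyer@example.com", "address": "1 Example St"}

def sign_link(order_id: str, issued_at: int) -> str:
    """Token placed in the emailed link: '<issued_at>.<hex HMAC>'."""
    msg = f"{order_id}.{issued_at}".encode()
    return f"{issued_at}." + hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def token_state(order_id: str, token: Optional[str], now: int) -> str:
    """Classify a link token as 'valid', 'expired' or 'invalid'."""
    try:
        issued_raw, mac = (token or "").split(".", 1)
        issued_at = int(issued_raw)
    except ValueError:
        return "invalid"           # missing or malformed token
    expected = sign_link(order_id, issued_at).split(".", 1)[1]
    # Constant-time comparison; the MAC binds the token to this order id.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return "invalid"
    return "valid" if 0 <= now - issued_at <= TOKEN_TTL else "expired"

def order_view(order: dict, token: Optional[str],
               session_customer: Optional[str], now: int) -> dict:
    """Decide what an order-status request may see and do."""
    if session_customer is not None and session_customer == order["customer_id"]:
        return {"view": "full", "can_act": True, "data": dict(order)}
    state = token_state(order["id"], token, now)
    if state == "valid":      # fresh emailed link: full page, read-only
        return {"view": "full", "can_act": False, "data": dict(order)}
    if state == "expired":    # stale link: redacted page until login
        redacted = {k: order[k] for k in PUBLIC_FIELDS}
        return {"view": "redacted", "can_act": False, "data": redacted}
    # No usable token: ask for login instead of answering "Order not found".
    return {"view": "login_required", "can_act": False, "data": {}}
```

A link opened on a second device with no session falls into one of the three logged-out branches, so the customer never sees personal data without a valid token and never hits a dead end.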