Thursday, August 11, 2011

Application of Activity Token | Multiple ways to getActivityToken

Activity Token is the equivalent of sessionid and thought not advised but sometimes, it is required to use activityId for some custom implementations:
1. If you are implementing a custom XSRF, even though V6 Fix Pack 10 has this feature.
2. Custom WebService across devices that can't use cookies but need to maintain commerce session.

public ActivityToken getActivityToken(HttpServletRequest request)

// Check, is it available as a request attribute?
ActivityToken token = null;
token = (ActivityToken) request.getAttribute(ECAttributes.ATTR_EC_ACTIVITY_TOKEN);
// that's not true, try request handle
if (token == null) {
RequestHandle handle = (RequestHandle)request.getAttribute(ECAttributes.ATTR_EC_REQUEST_HANDLE);
token = (handle != null) ? handle.getActivityToken() : null;
// Try command context , if above 2 returne
if (token == null) {
CommandContext commandContext = (CommandContext) request.getAttribute("CommandContext");
token = (commandContext != null) ? commandContext.getActivityToken() : null;
return token;

This is my 50th post, if you guys like reading my blogs :), please drop a comment.


  1. Keep it up! Think this is the only Commerce blog, so I'm happy to at least have this.

    On the activity token, we have seen some instances where customers are migrated the wrong way so they see other peoples shopping lists etc. Very hard to recreate, so it must be some performance problem. Might there be some dynacache on activity tokens that could go wrong?

  2. @Joffemannen I don't the activity token can be used as a cache key. Here is a list of known "cache identifiers" (request attributes) which can be used as cache keys:

    How is the cache key defined for your shopping list in cachespec.xml?

  3. @Joffemannen if the problem is during cart migration from guest user to registered user, you could use GuestUserOrderMigrationEventListener or extend that. From what you described if sessions are getting interchanged, seems like CTXMGMT\CTXDATA, context related tables could be corrupted.

  4. I'm currently trying to get a WCToken to allow a CSR user to retrieve a customers cart using the existing carthandler REST service, by extending the LoginIdentityHandler. To do this in learning how commerce handles user security.

    Thanx for sharing this info!

  5. Really Useful... Thanks so much.. Keep posting :)