Multi site/shop <> BC companies scenario - prevent BC users access to wrong site/shop

Peter Krusell

Hi,
We have a scenario with Multi site/shop <> BC companies scenario x 4 for different Scandinavian markets / countries.
When a BC user that originates from let's say the BC SE company logs in on the SE site, it's after that possible for him to switch over to the other sites and still be logged in.
Since the other sites are connected to other BC companies where this user does not exist - it creates errors in the live integration, live prices show 0 etc.

What is the recommended way in DW10 to limit users per site/shop that corresponds to the BC company that the user originated from?

We have solved this in DW9 setups and if I remember correctly we used the setting / feature in the screenshot below "Include shop id in extranet log in". But I don't find that setting in DW10.
/Peter


Replies

 
Nuno Aguiar Dynamicweb Employee

Hi Peter,

The value for ShopId should be there by default in the "Commerce" tab when managing a user. You may not need it though.

For the redirect, the simplest way is to ensure the users belong to a group where "Redirect after log in" is set to the proper page/site
https://doc.dynamicweb.dev/manual/dynamicweb10/users/user-groups.html?tabs=groupadvanced

This just means the users need to belong to dedicated user groups per website. You can have them belong there manually, directly based on some logic during the import process OR using Segmented Searches to populate such groups.

But if you have to add additional logic, you may want to subscribe to the OnExtranetLogin notification and redirect the user accordingly
i.e. You check the Shop Id and match it against the Area/Website he should be redirected to
More info in https://doc.dynamicweb.dev/api/Dynamicweb.Notifications.Standard.User.OnExtranetLoginArgs.html

Best Regards,

Nuno Aguiar

Peter Krusell

Hi Nuno,
Thanks for good pointers.

We do have the users imported from each BC company into corresponding, dedicated groups and it works fine to set Redirect after login on these groups.

The problem is that after login the user can still just switch to another website where the login session is also valid.

I think what we really need to prevent BC users from accessing the wrong site/shop is isolation of login session per website/shop, like discussed here:
https://doc.dynamicweb.com/forum/cms-standard-features/cms-standard-features/isolate-login-session-for-each-website

I see now that our previous Multi site/shop <> BC companies solutions are indeed using separate country domains per website, so we have not come across this :-)

This new client needs to use regional prefixes on their websites
[domain]/sv-se
[domain]/fi-fi
[domain]/nb-no
[domain]/da-dk
They can't use separate domains per site as they don't have that.

Is there any way to configure isolation of login session per website without using separate domains per site?
If custom code is needed, any recommendations how to implement it?

Best regards,
/Peter

Nuno Aguiar Dynamicweb Employee

Hi Peter,

  • Is there any way to configure isolation of login session per website without using separate domains per site?
    There isn't, but you can develop this.

To achieve it you might want to subscribe to the Page Loaded notification https://doc.dynamicweb.dev/api/Dynamicweb.Notifications.Standard.Page.html#Dynamicweb_Notifications_Standard_Page_Loaded (not sure if there's a better one), and there do some checks:

  • Check if the user is logged in (if anonymous you may want to keep them there)
  • From the Page ID you can get the AreaID and then its ShopID
  • Compare it against the logged in user's Shop Id
  • If different then
    • Redirect to the current page id's language version of that page
    • If there isn't any, redirect to the homepage of their appropriate site


Hope this makes sense

Nuno Aguiar
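
The check outlined in the reply above, reduced to a decision function, as an added example that is not part of the thread and not Dynamicweb's own code. It calls no Dynamicweb API: the types, shop IDs, page IDs and URLs are hypothetical, and a Page Loaded subscriber is assumed to supply the page's shop and the user's shop. Sending a logged-in user who has no shop ID to a fallback URL is an assumption the thread does not cover.

```csharp
#nullable enable
using System;
using System.Collections.Generic;

// Added example: plain C# decision logic, no Dynamicweb API calls. All type,
// member and shop-ID names are hypothetical; a Page Loaded subscriber would
// resolve the page's area/shop and the user's shop, then pass them in here.
public sealed record SiteRequest(bool IsLoggedIn, string? UserShopId, int PageId, string? AreaShopId);

public sealed class ShopIsolationPolicy
{
    private readonly Dictionary<string, string> _homepageByShop;              // shop -> site homepage
    private readonly Dictionary<(int PageId, string Shop), string> _versions; // language versions of pages
    private readonly string _fallbackUrl;

    public ShopIsolationPolicy(Dictionary<string, string> homepageByShop,
        Dictionary<(int PageId, string Shop), string> versions, string fallbackUrl)
        => (_homepageByShop, _versions, _fallbackUrl) = (homepageByShop, versions, fallbackUrl);

    // Shop IDs are compared case-insensitively; dictionary keys must be stored upper-case.
    private static string Key(string shopId) => shopId.Trim().ToUpperInvariant();

    // Returns null when the page may render, otherwise the URL to redirect to.
    public string? GetRedirect(SiteRequest r)
    {
        if (!r.IsLoggedIn) return null;                                  // anonymous visitors stay
        if (string.IsNullOrWhiteSpace(r.UserShopId)) return _fallbackUrl; // assumption: no shop, no access
        string userShop = Key(r.UserShopId);
        if (r.AreaShopId != null && Key(r.AreaShopId) == userShop) return null; // user is on own site
        if (_versions.TryGetValue((r.PageId, userShop), out var version)) return version;
        return _homepageByShop.TryGetValue(userShop, out var home) ? home : _fallbackUrl;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample data: shop IDs, page IDs and URLs are made up.
        var policy = new ShopIsolationPolicy(
            new() { ["SHOP_SE"] = "/sv-se", ["SHOP_FI"] = "/fi-fi" },
            new() { [(42, "SHOP_SE")] = "/sv-se/products" },
            "/");
        Console.WriteLine(policy.GetRedirect(new(true, "shop_se", 42, "SHOP_FI")));  // wrong site, page has a language version
        Console.WriteLine(policy.GetRedirect(new(true, "SHOP_SE", 7, "SHOP_FI")));   // wrong site, no language version
        Console.WriteLine(policy.GetRedirect(new(true, "SHOP_SE", 42, "SHOP_SE")) ?? "(allowed)");
        Console.WriteLine(policy.GetRedirect(new(false, null, 42, "SHOP_FI")) ?? "(allowed)");
    }
}
```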

 
Adrian Ursu Dynamicweb Employee

Hi guys,

What about using permissions per Website? It's not exactly elegant, but it may at least prevent access to the website.

Adrian