Set a cookie for paying users

Hi,
I would like to know if there is a Cookie that is automatically set when a paying user logs in?

Basically there is a cookie that identifies a user logged in with an active stripe plan?

If it does not exist, is it possible to set a cookie only for paying users on the server side without compromising the Ghost core and without being overwritten with each update?

Thanks

What’s the usecase? What are you trying to achieve with the cookie? :slight_smile:

Hi @John,
thanks for the quick reply.

currently in my template I have the current condition:

if member.paid {
  // cookie
}

I am testing a system of ADS that inject scripts into my template, unfortunately these scripts are loaded before my template sets the cookie even if I set it in the header and i can’t change the banner injection time.

In addition to the ADS, I intend to also use other services, active/inactive only for paying users or not, I would like to be able to use the cookie and set it immediately before all the other scripts, but certainly I must be able to know if the login was carried out by a paying user or not.

I see - I don’t really understand the usecase unfortunately, so I don’t have any good suggestions :slight_smile:

What is not clear?

  • I set a cookie for paying users in the header.
  • This cookie blocks banners.
  • The third party system injects the banners before my script sets the cookie for the paying user.
  • I have no way to modify the third party system.

So I would like to set the cookie earlier, the only thing that comes to mind is the server side.

In the meantime, I was thinking if Ghost or Stripe sets a cookie that identifies paying users when they log in.

What about loading the third party script after you’ve done what you need?

something like:

<script>
  doSomeStuff();
  const script = document.createElement('script');
  script.src = 'https://third-party-scripts.com/script.js';
  document.body.appendChild(script);
</script>

hi @egg,
thank you for your suggestion, unfortunately I have no control over the third party script.

in my template I don’t include the third party script, I believe that their script is injected in another way, I think through DNS.

is one of those services where you enter your domain, give your consent, change the DNS, and go.

therefore I understand that it is not possible to get what I want

What about something like:

{{#if member.paid}}
<script>
  if (cookieIsNotSet()) {
    setCookie();
    location.reload();
  }
</script>
{{/if}}

Simplifying, I have this in an hbs file that I include in the site head:

{{#if @member.paid}}
	<script>
		document.cookie = "disable_service=1";
	</script>
{{else}}
	<script>
		document.cookie = "disable_service=0";
	</script>
{{/if}}

The cookie is always set correctly.

The problem is that the third party service loads faster than the hbs file in the site head.

So the third party service is loaded even if my cookie says no.

I was thinking of setting this cookie on the server side, but on the server side I don’t know how to identify a paying user log in

Right, but you’re missing the location.reload() - this will reload the page and then your scripts will have access to that cookie.

You’ll also need to set an expiry or max-age for the cookie.

document.cookie = 'disable_service=1; max-age=2628000';
location.reload();

About the cookie you’re right, I had also missed this domain=;, with this parameter cookies are not duplicated, I set cookies as session.

I already do the refresh with window.location = '/'; , I would like to avoid these practices and make everything more linear and userfiendly.

there is currently no way to identify from the url or from cookies if a user is paying, right? it would be interesting to try to set cookies here like this:

	if (action == 'signin') {
		$('body').addClass("signin-success");
		if(paid){
             setCookie();
        }
	}

No it’s not possible at the moment!

Reading from the URL wouldn’t be ideal as a user could put whatever search string they wanted to, and all of our cookies are “HTTPOnly” and unable to be read or modified by client-side code!

Right, while I was writing it I thought about it.
It would be interesting if you can create a cookie or something in the future that identifies whether the user is paying or not.