Customer Accounts
Customer Accounts on Your Storefront
Cartly provides a complete customer account system that lets your buyers register, log in, and manage their information.
Registration
Customers can register through the registration page on your storefront. The registration form requires a name, email, and password. After registration, a verification email is sent to confirm the email address. Customers must verify their email before they can complete a checkout.
Login and Sessions
Customer sessions are stored server-side in Redis and referenced by a secure, HTTP-only cookie. When a customer logs in, a session is created that persists until they log out or the session expires (configurable, default 30 days). Sessions are server-side for security: the cookie contains only a session ID, not user data.
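The session pattern described above, as an added illustration that is not Cartly's own code: an opaque random ID is the only thing the cookie carries, the mapping from ID to customer lives server-side with the 30-day TTL, and logout deletes the entry. A dictionary with expiry times stands in for Redis so the example runs offline; the cookie name "session" and the attribute set are assumptions.

```python
import secrets
import time

SESSION_TTL_SECONDS = 30 * 24 * 60 * 60  # default 30-day session lifetime

class SessionStore:
    """Server-side session store; the browser only ever sees the opaque ID.
    The dict stands in for Redis (SET ... EX ttl on create, DEL on logout)."""

    def __init__(self, now=time.time):
        self._now = now                  # injectable clock so expiry is testable
        self._data = {}                  # session_id -> (expires_at, user_id)

    def create(self, user_id, ttl=SESSION_TTL_SECONDS):
        # 32 random bytes from the OS CSPRNG: unguessable and carries no user data
        session_id = secrets.token_urlsafe(32)
        self._data[session_id] = (self._now() + ttl, user_id)
        return session_id

    def lookup(self, session_id):
        """Resolve a cookie's session ID to a user, or None if unknown/expired."""
        entry = self._data.get(session_id)
        if entry is None:
            return None
        expires_at, user_id = entry
        if self._now() >= expires_at:    # Redis would already have evicted this key
            del self._data[session_id]
            return None
        return user_id

    def destroy(self, session_id):
        # Logout invalidates the session on the server, not just in the browser
        self._data.pop(session_id, None)

def session_cookie(session_id):
    """Set-Cookie value: HttpOnly (no script access), Secure (HTTPS only),
    SameSite (CSRF hardening), Max-Age matching the server-side TTL."""
    return (f"session={session_id}; Path=/; HttpOnly; Secure; SameSite=Lax; "
            f"Max-Age={SESSION_TTL_SECONDS}")

def cookie_session_id(cookie_header):
    """Extract the session ID from a Cookie request header (None if absent)."""
    for part in cookie_header.split(";"):
        name, _, value = part.strip().partition("=")
        if name == "session":
            return value or None
    return None
```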
Two-Factor Authentication
Customers can enable two-factor authentication (2FA) using a TOTP authenticator app. When 2FA is enabled, logging in requires both the password and a time-based code from their authenticator. This provides an additional layer of security for customer accounts.
Account Dashboard
Once logged in, customers can access their account page which includes:
- Order history: View all past orders with status and tracking information
- Addresses: Add, edit, and delete saved shipping addresses. The default address is pre-filled during checkout.
- Wishlist: View and manage saved products. Add items to cart directly from the wishlist.
- Account settings: Update name, email, and password
Password Reset
Customers who forget their password can request a reset link. The link is sent to their registered email and expires after one hour. Clicking the link opens a form to set a new password.
Guest Checkout
Customers are not required to create an account to make a purchase. Guest checkout collects only the necessary information (email, shipping address, payment). After a guest purchase, the customer can optionally create an account using the same email, which links their guest order to the new account.
Account Security
Cartly protects customer accounts with:
- Bcrypt password hashing
- Rate-limited login attempts
- Email verification requirement
- Secure session management via Redis
- Optional two-factor authentication