From 1c1ab3576f2ac661f454bdff88749ebc8eb70e32 Mon Sep 17 00:00:00 2001
From: giles <giles.bradshaw@sigyl.com>
Date: Sun, 22 Feb 2026 17:46:08 +0000
Subject: [PATCH] Pass cart_sid through login URL for cross-app cart adoption

When login_url() is called from a different app (e.g. cart), the
anonymous cart_sid is in that app's session cookie. Pass it as a
query parameter so the auth app can store it and use it for adoption.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 infrastructure/urls.py | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/infrastructure/urls.py b/infrastructure/urls.py
index cdcd0e8..5b0972a 100644
--- a/infrastructure/urls.py
+++ b/infrastructure/urls.py
@@ -67,8 +67,16 @@ def market_product_url(product_slug: str, suffix: str = "", market_place=None) -
 
 def login_url(next_url: str = "") -> str:
     # Auth lives in blog (coop) for now. Set AUTH_APP=federation to switch.
+    from quart import session as qsession
     auth_app = os.getenv("AUTH_APP", "coop")
     base = app_url(auth_app, "/auth/login/")
+    params: list[str] = []
     if next_url:
-        return f"{base}?next={quote(next_url, safe='')}"
+        params.append(f"next={quote(next_url, safe='')}")
+    # Pass anonymous cart session so the auth app can adopt it on login
+    cart_sid = qsession.get("cart_sid")
+    if cart_sid:
+        params.append(f"cart_sid={quote(cart_sid, safe='')}")
+    if params:
+        return f"{base}?{'&'.join(params)}"
     return base