PS PrestaShop Beginner

dfsavecart — Magic link cart save

Installation, configuration and usage of the magic link cart save module for PrestaShop 8 and 9.

Updated Module version 1.0.0

Overview

dfsavecart adds a “Keep for later” feature to the cart page of your PrestaShop 8 or 9 store. The visitor, logged in or guest, enters their email address and receives a secure link (“magic link”) that restores their exact cart — same products, same quantities — on any device, at any time within the configured validity period.

The module is non-intrusive: it does not affect the order funnel, the checkout, or other modules. It works with PrestaShop’s native email system (and therefore with your existing SMTP).

Requirements

  • PrestaShop 8.0.x to 9.x
  • PHP 8.1 or higher
  • MySQL 5.7+ or MariaDB 10.3+
  • Working email sending (Advanced Parameters > E-mail — test sending before installing the module)

Installation

  1. Download the dfsavecart.zip file from your DataFirefly account.
  2. In the PrestaShop back office, go to Modules > Module Manager.
  3. Click Upload a module and select the ZIP.
  4. PrestaShop installs the module automatically: the ps_df_savecart table is created and the hooks are registered.
  5. Click Configure to access the settings.

No class or controller overrides are installed: uninstallation is clean and residue-free (the table and configuration keys are removed).

Configuration

All settings are on a single page: Modules > Module Manager > dfsavecart > Configure.

Main settings

  • Enable the module — master switch. When disabled, the block disappears from the front office without uninstalling.
  • Button positionCart footer (recommended, hook displayShoppingCartFooter), Inside cart (hook displayShoppingCart) or Both. The choice depends on your theme: check the rendering on the cart page after changing it.
  • Link validity duration — from 1 to 365 days, 30 by default. After that, the link expires and the record is purged.

Security and anti-spam

  • Limit per email / day — maximum number of sends for the same address over a rolling 24 h window (10 by default). Set 0 to disable. The counter relies on a salted hash of the email: the address is not stored in clear text for this function.
  • Single-use link — when enabled, the link becomes invalid after the first restoration. Useful for confidential carts (B2B, quotes).

Restoration behavior

  • Clear the current cart before restoring — enabled by default. When disabled, the link’s products are added to the current cart (cumulative).

GDPR and email

  • Request GDPR consent — displays a mandatory checkbox before sending (enabled by default, recommended).
  • Send BCC to the merchant — adds the shop’s contact email as BCC on every send, for internal tracking.
  • Email subject (per language) — customizable for each active shop language. Available variables: {shop_name} and {firstname}.

How it works for the customer

  1. The customer adds products to their cart and opens the cart page.
  2. They see the “Keep this cart for later” block with an email field (prefilled if logged in).
  3. They enter their email, tick the consent box if required, and click Send the link.
  4. They receive an email containing a cart summary (products, quantities, estimated total), the expiry date and a Restore my cart button.
  5. Clicking the button restores the exact cart and redirects to the cart page with a confirmation message.

Edge cases at restoration

  • Disabled or deleted product — the line is skipped and the customer is informed by a message listing unavailable products.
  • Insufficient stock — the quantity is adjusted to the maximum available, with a message flagging the adjustment.
  • Expired or already used link (single-use mode) — a sober error page is displayed, with links to the current cart and the homepage.
  • Language and currency — those of the original cart are restored.

Emails

HTML and text templates are provided in French, English, Spanish and German in modules/dfsavecart/mails/{iso}/savecart.html and savecart.txt. The language used is the cart’s language at save time.

Variables available in the templates: {firstname}, {shop_name}, {restore_link}, {cart_items_html}, {cart_items_txt}, {cart_total}, {expiry_date}.

To customize templates durably, duplicate them into your theme’s mails folder rather than editing the module’s copies: those would be overwritten on update.

Security

  • 256-bit token — generated by random_bytes(32), PHP’s cryptographically secure generator. 64 hexadecimal characters in the URL.
  • Hash storage — only the SHA-256 fingerprint of the token is stored in the database. If the database is compromised, no link can be reconstructed.
  • CSRF — the AJAX save endpoint verifies the PrestaShop session token.
  • Strict validation — the token format is checked server-side ([a-f0-9]{64}) before any database query.

GDPR

  • Configurable explicit consent before sending the email.
  • For the anti-spam limit, the email is not kept in clear text: only a salted hash (using the shop’s secret key) is used.
  • Expired records are deleted automatically (purge) — see next section.
  • No data is transmitted to any third-party service: everything stays in your PrestaShop database.
  • For a customer erasure request, delete their rows in the ps_df_savecart table (email column).

Three options, from simplest to most automated:

  1. Manual button — on the module’s configuration page, “Purge expired entries”.
  2. CronJobs module — install PrestaShop’s free CronJobs module: the module’s actionCronJob hook is called automatically and triggers the purge.
  3. System crontab — schedule a regular call to your shop’s cron according to your server setup.

Statistics

The configuration page displays four real-time counters: total saved, active (not expired), expired (awaiting purge) and restored (links used at least once). The restored / total ratio gives you the feature’s conversion rate.

Multistore

The module is multistore-compatible: each save records its source shop ID, which is used during restoration. Configuration follows the standard PrestaShop shop context.

Troubleshooting

The email does not arrive

  • Check the shop’s global email sending: Advanced Parameters > E-mail > Test sending.
  • Check the recipient’s spam folder.
  • Check the logs: Advanced Parameters > Logs (module errors are prefixed [dfsavecart]).

The block does not appear on the cart page

  • Check that the module is enabled in its configuration.
  • Check that the cart contains at least one product (the block is hidden on empty carts).
  • Check the chosen position: some themes do not implement the displayShoppingCartFooter hook — switch to “Inside cart” or “Both”.
  • Clear the cache: Advanced Parameters > Performance > Clear cache.

“Invalid security token” message

  • The cart page stayed open too long and the session expired: refresh the page and try again.

“Too many requests for this address” message

  • The daily anti-spam limit has been reached for this email. Raise the limit in the configuration or wait 24 h.

Uninstallation

Uninstalling removes the ps_df_savecart table (all saved carts are lost) and all configuration keys. No residue is left in the database or on disk.

Was this page helpful?

Still stuck? Contact support