Persistent sessions (Remember Me)
WebSphere Commerce can be configured to enable persistent sessions, meaning that some session-related information of the registered or guest user is stored as permanent cookies. If persistent sessions are enabled, a customer at a WebSphere Commerce store will be recognized on subsequent visits to the store, even after the customer closes the browser. Sessions can be persisted for both guest and registered users. If enabled, sessions are by default persisted for 30 days.
- Persistent sessions are disabled by default.
- Persistent sessions are enabled by default.
Persistent sessions increase the ability of the store to monitor customer activities:
- Analytic tools can correlate shopping activities that span multiple sessions, even if the user does not register.
- Marketing experimentation can contain data from multiple sessions, which includes the sessions of guest customers.
Persistent sessions enhance the shopping experience:
- It is easier for a customer to resume their existing shopping experience.
- It is the only way for a guest customer to retrieve the pending shopping carts from a previous session.
The customer must be accessing the store from the same computer that they used to create the persistent session. Customers can choose not to be remembered by clearing the Remember Me check box when they log in, or during the registration process. In this case, their information will not persist into the next session.
When persistent sessions are enabled and the customer elects to be remembered by clicking the Remember Me check box on the logon or registration page, the returning customer (a partially authenticated user, also known as a remembered user) can view the following information by default. What the remembered user can view depends on how the "Credentials Accepted" attribute is configured in the Struts configuration file. For more information, see Mapping URLs to controller commands: action-mappings.
Customer type | Can view | Cannot view |
---|---|---|
Guest user |
|
|
Guest user (remembered) |
|
|
Registered user (logged out, but remembered) |
|
|
Registered user (logged in) |
|
Consider the common scenario where a guest user places an order at a location that provides public Internet access. A new guest user is created each time a remembered guest goes through a protected request. The new user prevents another user from viewing any previous information such as order history, previous shipping and billing addresses, and other information that was provided during the check-out process. Therefore, users who place orders from locations that provide public Internet access can do so safely. This eliminates the privacy infringement concern in future sessions.
Persistent cookies
Cookie name | Description |
---|---|
WC_PERSISTENT | This cookie is used to persist user ID, language ID, personalization ID (if enabled), and currency for each store ID visited in the session. Multiple sets of identifiers can exist if the user visits more than 1 store. |
Remembered users
By default, the Logoff command deletes the persistent session. However, if rememberMe=true is passed to the Logoff command, then the registered user is logged off but remembered. The session persists, and the registered user is able to view the shopping cart but not other information such as order history or addresses. To view this sensitive information, the customer needs to log on to the store. Consider the following examples:
For an example of persistent session implementation, see the Madisons starter store provided with WebSphere Commerce. Refer to the Logon and Registration JSP pages that are provided with the starter store for an example of the Remember Me check box.
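The access rules described above for remembered users can be written down as a small decision model, which is useful as a test oracle when reviewing a store's protected URLs. This is an added example, not WebSphere Commerce code: the view names, the `Session` type, and the `logoff` and `request` functions are hypothetical, and the set of sensitive views is an assumption standing in for the per-URL "Credentials Accepted" setting.

```python
from dataclasses import dataclass
from itertools import count

# Hypothetical view names. In a real store the per-URL policy comes from the
# "Credentials Accepted" attribute; this set is an assumption for the model.
SENSITIVE_VIEWS = {"OrderHistory", "AddressBook"}

_guest_ids = count(9000)  # constructed user IDs for newly created guests


@dataclass(frozen=True)
class Session:
    user_id: int
    registered: bool
    remembered: bool  # identity restored from the persistent cookie, not from this visit


def new_guest() -> Session:
    """Create a guest with a fresh ID and therefore no prior data."""
    return Session(next(_guest_ids), registered=False, remembered=False)


def logoff(session: Session, remember_me: bool = False) -> Session:
    """Default logoff deletes the persistent session; rememberMe=true keeps it."""
    if session.registered and remember_me:
        # Logged off but remembered: same user, now only partially authenticated.
        return Session(session.user_id, registered=True, remembered=True)
    # Assumption: with the persistent session deleted, browsing continues as a new guest.
    return new_guest()


def request(session: Session, view: str):
    """Return (decision, session to continue with) for one page request."""
    if view not in SENSITIVE_VIEWS or not session.remembered:
        return "allow", session
    if session.registered:
        # A remembered registered user must log on before seeing sensitive data.
        return "logon_required", session
    # A remembered guest continues as a brand-new guest with no history.
    return "allow_as_new_guest", new_guest()
```
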