IBM WebSphere Commerce V7
The information contained in this section applies to IBM WebSphere Commerce Version 7.0.0.9 and Feature Pack 8. The documentation also applies to all subsequent releases and modifications until otherwise indicated in new editions.

Disabling personalization ID

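You can disable personalization ID, which identifies a user so that WebSphere Commerce can present personalized content, by setting the enable attribute of the PersonalizationId node to false in the WebSphere Commerce configuration file.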

Procedure

  1. Open the WebSphere Commerce configuration file.
  2. Search for the PersonalizationId node.
  3. Set the value of the enable attribute to false, as shown in the following sample:
    
    <PersonalizationId display="false" enable="false"/>
    
  4. Propagate the changes to the WebSphere Commerce configuration file.
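
One way to confirm the change after propagation, as an added example that is not part of the product documentation: the script parses a copy of the configuration file and reports whether every PersonalizationId node has enable set to false. The function name, the status labels and the wrapper elements in the sample XML are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample input. The wrapper element names are placeholders;
# only the PersonalizationId node itself comes from the page.
SAMPLE_DISABLED = """<config>
  <SomeSection>
    <PersonalizationId display="false" enable="false"/>
  </SomeSection>
</config>"""

SAMPLE_ENABLED = SAMPLE_DISABLED.replace('enable="false"', 'enable="true"')


def audit_personalization_id(xml_text):
    """Return (status, findings) for every PersonalizationId node in the text.

    status is "disabled" only when at least one node exists and every node
    has enable="false"; "absent" when no node is found; "malformed" when
    the text does not parse; otherwise "not-disabled".
    """
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return "malformed", [str(exc)]
    nodes = list(root.iter("PersonalizationId"))
    if not nodes:
        # No default is assumed here: a missing node is reported, not judged.
        return "absent", []
    findings = []
    for node in nodes:
        enable = (node.get("enable") or "").strip().lower()
        findings.append({"enable": enable, "display": node.get("display")})
    ok = all(f["enable"] == "false" for f in findings)
    return ("disabled" if ok else "not-disabled"), findings


if __name__ == "__main__":
    import sys
    # With a path argument, audit that file; otherwise run on the samples.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            print(audit_personalization_id(fh.read()))
    else:
        print(audit_personalization_id(SAMPLE_DISABLED))
        print(audit_personalization_id(SAMPLE_ENABLED))
```

Run it against each propagated copy of the configuration file; any result other than "disabled" means that copy still needs the edit from step 3 or needs a manual look.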