Session management
Browsers and e-commerce sites use HTTP to communicate. HTTP is a stateless
protocol, which means that each command is run independently without any knowledge of the commands
that came before it. Because it is a stateless protocol, sessions must be managed between the
browser side and the server side.
HCL Commerce supports two types of session management: cookie-based and URL rewriting.
The administrator can choose to support either only cookie-based session management or both cookie-based and URL rewriting session management. If HCL Commerce supports only cookie-based session management, customer browsers must be able to accept cookies. If both cookie-based and URL rewriting are selected, HCL Commerce first attempts to use cookies to manage sessions. If a customer browser is set to not accept cookies, then URL rewriting is used.
Cookie-based session management is secure and has performance benefits over URL rewriting. It is therefore recommended to use cookie-based session management for persisting user sessions.