Enabling cookies for session management
Enable cookies for session management.
Procedure
- Open the configuration file.
- Locate the element.
-
Set the appropriate session values.
<cookie acceptance="false" age="-1" display="false" domain="" enabled="true" secure="true" path="/" persistence="wcs"/>
- acceptance
- Set to
true
if he customer's browser accepts cookies for a site that only supports cookies. - age
- domain
- Specifies a domain restriction pattern. A domain restriction pattern specifies the servers that
can view a cookie. By default, cookies are only sent back to the Transaction server that
issued them. For example, if you make a request to a Transaction server at
subdomain.domain.com, then cookies that are created by that server are only
visible to the server at that subdomain when the user returns to it. Specifying a domain name
pattern overrides this behavior. The pattern must begin with a dot and must contain at least two
dots. A pattern matches only one entry beyond the initial dot. For example,
"
.ibm.com
" is valid and matches "a.ibm.com
" and "b.ibm.com
" but not "www.a.ibm.com
". For details on domain patterns, see Netscape's Cookie Specification and RFC 2109. - enabled
- path
- secure
- Specifies whether or not the Transaction Server cookies should have the secure attribute set,
meaning they would only flow over HTTPS.
Note: By default, all session cookies are set as secure. Adding the secure parameter to this configuration file, and setting its value to true will enable the same functionality. The flag can also be disabled, by setting secure to false. Disabling secure session cookies is not recommended, however, unless the site has pages that require using HTTP.
Option Description Cookie acceptance test Select this check box to check if the customer's browser accepts cookies for a site that only supports cookies. Cookie session manager Select whether you want HCL Commerce or WebSphere Application Server to manage your cookies. The default is HCL Commerce. - A WebSphere Application Server session cookie is based on the servlet HTTP session standard. WebSphere Application Server cookies persist to memory or to the database in a multinode deployment. For more information, see Session management support.
- an HCL Commerce session cookie is internal to HCL Commerce and does not persist to the database.
- Save and close the file.
- Open the Store server configuration file.
-
Locate and update the
SessionManagement
section of the configuration file to set the cookie configuration options for the Store server, if required.Note: By default, cookies have the secure attribute enabled. - Save and close the file.