Enabling multiple logon support for the same user
Enable multiple logon support to allow for the same authenticated user to use the site from multiple browsers or locations. This feature eliminates the termination of the session and the request to reauthenticate a user, if that same user logs in from a different browser or location.
The standard behavior for HCL Commerce session management (by using cookies, REST tokens, or activity tokens) is to allow only one active session per user. If a user logs in from another browser or location, and they attempt to make a request with their first session, the following error is displayed:

This default behavior can be modified to allow multiple sessions per user. With multiple session support enabled, each user session acts independently. For example, each session can timeout or be logged out without affecting the other. All site functions are shared between user sessions. Any changes that are made to the cart through one session, for example, are display in the other session.
- To mitigate the reduced security of enabling multiple logon support, session timeout must be enabled. To enable session timeout, see Session timeout.
Multiple logon support security is enhanced in version 9.1.6.0. All sessions are now invalidated when sensitive secuirty-related events occur, such as when a user account is disabled by an administrator, the user's password is reset, or if the user logs off in one of their sessions.
Procedure
-
Enable multiple login on the HCL Commerce server.
- If you use the Solr-based search solution, you must ensure that the allowMultipleLogonForSameUser parameter is set to true in your Search server configuration. For more information, see Search properties in the component configuration file (wc-component.xml).