Enabling multiple logon support for the same user

Enable multiple logon support to allow for the same authenticated user to use the site from multiple browsers or locations. This feature eliminates the termination of the session and the request to reauthenticate a user, if that same user logs in from a different browser or location.

The standard behavior for WebSphere Commerce session management (by using cookies, REST tokens, or activity tokens) is to allow only one active session per user. If a user logs in from another browser or location, and they attempt to make a request with their first session, the following error is displayed:

Generic Error: Your logon ID may have been used in another location. Sign in again to continue.

This default behavior can be modified to allow multiple sessions per user. With multiple session support enabled, each user session acts independently. For example, each session can timeout or be logged out without affecting the other. All site functions are shared between user sessions. Any changes that are made to the cart through one session, for example, are display in the other session.

Important:
  • To mitigate the reduced security of enabling multiple logon support, session timeout must be enabled. To enable session timeout, see Enabling timeout.
  • WebSphere Commerce Version 8.0.4.26 or laterMultiple logon support security is enhanced in version 8.0.4.26 with session invalidation.

Procedure

To enable multiple login support:
  1. Open the WebSphere Commerce configuration file, wc-server.xml, for editing. It can be found in the following directory:
    • For IBM i OS operating systemAIXLinuxWindowsWC_eardir/xml/config/
    • WebSphere Commerce Developerworkspace_dir\WC\xml\config\
  2. Find the <SessionManagement> section of the XML, and insert the following line:
    <SessionManagement>
    	<url-rewriting display="false" enabled="false"/>
    	<cookie acceptance="false" age="-1" display="false"
    		domain="" enabled="true" path="/" persistence="wcs"/>
    	<referrerCookie age="-1"/>
    	<PersistentSession cookieExpiry="30"
    		delayNewPersistentGuestSession="true" display="false" enable="true"/>
    	<PersonalizationId display="false" enable="true"/>
    	<AllowMultipleLogonForSameUser display="false" enabled="true"/>
    </SessionManagement>
  3. Save and close the file.
  4. Propagate the changes to the WebSphere Commerce configuration file by running the config_ant script with the UpdateEAR target.
    • For IBM i OS operating systemAIXLinuxWC_installdir/bin/config_ant.sh -DinstanceName=instance_name UpdateEAR
    • WindowsWC_installdir\bin\config_ant.bat -DinstanceName=instance_name UpdateEAR
  5. Stop and start WebSphere Commerce.