European Union Data Protection Directive and HCL Commerce cookies

The European Union Data Protection Directive specifies that cookies that are strictly necessary for the delivery of a service requested by the user the consent of the user is not needed. For cookies that are not necessary for the deliver of a service requested by the user, the user must give consent before the cookies or any other form of data is stored in their browser. In HCL Commerce, session management cookies are necessary to deliver services requested by the user.

Persistent cookies are optional: they are used for marketing (based on personalization ID), and for Remember-Me functionality. To get consent for optional cookies, you might present the shopper with a JavaScript message when they first access the site, similar to the following: By continuing to use this site, you consent to the use of cookies on your device as described by our cookie policy (unless you have disabled cookies). You can change your cookie settings at any time. However, some parts of the site will not function correctly without cookies.

HCL Commerce session cookies

The following table lists HCL Commerce session cookies. All of these cookies are essential for the operation of HCL Commerce. You cannot disable these cookies. Session cookies are not persistent.
HCL Commerce session cookies
Cookie name Description
_AN_CGID_COOKIE Stores the categories visited by a user, which is later used by the following Analytics tags: Product tag, Cart tag, and Order tag.
REFERRER The value of referer in the HTTP header.
WC_ACTIVEPOINTER session cookie This cookie contains the value of the store ID of the session. This value is used to select the store to run the command, if one is not specified on the URL.
  • Value: langId | storeId
  • Example: %2d1%2c10601
SESSION_COOKIEACCEPT Checks whether the client browser accepts cookies.
WC_AUTHENTICATION_ID session cookie HCL Commerce uses a secure authentication cookie to manage authentication data. An authentication cookie flows only over SSL. For increased security, it has a timestamp with a signature. This cookie is used to authenticate the user over SSL-connections.
  • Value: userId | hash (sessionKey | userId | timestamp)
  • Example: 3002%2cy77JGV%2btHlOwnIITNCn%2f%2fiaH2ns%3d
WC_GENERIC_ACTIVITYDATA session cookie This cookie exists only if it is a generic user (-1002) session. This cookie stores the session values such as store ID, language ID, and contracts.
  • Value: activityToken | storeId | business context values
  • Example: [45123%3atrue%3afalse%3a0%3a4nhN%2fXerGUj5KgGYOnRBVcizyMw%3d][com.ibm.commerce.context.audit.AuditContext|1328734351734%2d2][com.ibm.commerce.store.facade.server.context.StoreGeoCodeContext|null%26null%26null%26null%26null%26null][CTXSETNAME|Store][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.catalog.businesscontext.CatalogContext|null%26null%26false%26false%26false][com.ibm.commerce.context.base.BaseContext|10601%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.context.experiment.ExperimentContext|null][com.ibm.commerce.context.entitlement.EntitlementContext|10503%2610503%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.giftcenter.context.GiftCenterContext|null%26null%26null]
WC_SESSION_ESTABLISHED session cookie This cookie is created on the first request that is processed by HCL Commerce run time. For example, a non-cache request.
  • Value: true
WC_USERACTIVITY_ID session cookie This cookie is a user session cookie that flows between the browser and server over both SSL or non-SSL connection. It is used for user identification over non-SSL connections. It contains user session values such as the session login time, and session identifier information such as the user ID and store ID.
  • Value: cookieValue | encrypt (activityToken | cookieValue)

    Where cookie value is: userId | storeId | passwordInvalidationFlag | attemptedPasswordProtectedCommands | CloneId | logonTime | expiryTime | expiredUserId | preExpiryURL | version | forUserId | activeOrgId |

  • Example: %2d1002%2c10601%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2csExMBJjdNXecuyL5l71eSlqxmVWzSMmWp%2fdGhAV5JRJd5QHFxL%2f9jNLYYeKI1YtswEqhrSwXXhlp%0d%0aLOcvGb1IzzsfEA0y%2bPirawTDQ6rUaXcsnDRnR0GNayuSSrKf4p%2fEdxvj1CkiM8E%3d
LTPA2 cookie

WebSphere Application Server cookie

This cookie is used when HCL Commerce enabled for single sign-on with other WebSphere applications information center.
WC_EdgeCacheComponent_storeId Used for Edge Caching.
WC_identitySignature Management Center session cookie.
fulfillmentCenterId Fulfillment center selected in Accelerator.
LtpaToken2  WebSphere Application Server LTPA token used for single sign on.
Note:
  • All session cookies, except for WC_SESSION_ESTABLISHED, can be used in the Management Center preview environment. In the preview environment, the session cookie name is prefixed with WCP_. The cookies support sessions and users in the preview environment.
  • The value of session cookies is encrypted by using the session encryption key. For more information, see ../tasks/tsechangesessionkey.html.

HCL Commerce persistent cookie

The only persistent cookie used in HCL Commerce is WC_PERSISTENT. However, WCP_PERSISTENT exists for the Preview environment. This cookie, disabled by default, is used in the Remember me functionality and all marketing functions that rely on the personalization ID. For information, see Personalization ID. You can configure persistent sessions at a site, store, or individual customer level. You can set the time that the cookie persists for, see Changing session management settings in the HCL Commerce configuration file (wc-server.xml).

Aurora starter store cookies

The following table lists Aurora starter store cookies.
Aurora starter store cookies
Cookie name Description
analyticsFacetAttributes The list of facets that the customer clicked, making this data available to the analytics tags in those pages. The cookie is continually updated until the customer starts a new search or starts a new session.
analyticsPreCategoryAttributes Pre-category attributes used for Analytics.
analyticsSearchTerm Search terms used for Analytics.
CompareItems_storeId Catalog Entry IDs that are being compared.
priceMode Display mode for showing prices in the storefront.
searchTermHistory The history of terms searched.
signon_warning_cookie Error key that is used to retrieve error messages.
WC_ACTIVITYDATA_userId Session cookie that is created and processed by the Store server.
WC_GENERIC_ACTIVITYDATA Session cookie that is created and processed by a local (migrated) store.
WC_CartOrderId_storeId Active Order Id for the store.
WC_CartTotal_orderId Subtotal of order items (before tax and shipping), number of items, language, currency.
WC_DeleteCartCookie_storeId Cookie to force refresh of other Mini Shopping Cart cookies.
WC_physicalStores Physical stores that customer selects.
WC_pickUpStore Pick-up store ID that customer selects.
WC_recurringOrder_orderId Recurring order ID.
WC_ScheduleOrder_orderId_interval Scheduled orders interval.
WC_shipTypeValue Shipping type value: single or multiple.
WC_shipTypeValueOrderId The orderId that corresponds to the Shipping type.
WC_SHOW_USER_ACTIVATION_storeId Flag to show user activation message after user registration.
WC_OnBehalf_Role_storeId Cookie to track the role of the user who started an on behalf session.
WC_Base_Text_Direction This cookie is created when a shopper sets the Text Direction in the Language and Currency panel. The cookie can be used in HTTP and HTTPS.
  • Value: auto

Using HCL Commerce without cookies

If a user chooses not to accept cookies, the site can use URL rewriting for session management. However, URL rewriting does not work with dynamic caching. For more information, see Using URL rewriting for session management.