Session management

Browsers and e-commerce sites use HTTP to communicate. HTTP is a stateless protocol, which means that each command is run independently without any knowledge of the commands that came before it. Because it is a stateless protocol, sessions must be managed between the browser side and the server side.

HCL Commerce supports two types of session management: cookie-based and URL rewriting.

The administrator can choose to support either only cookie-based session management or both cookie-based and URL rewriting session management. If HCL Commerce supports only cookie-based session management, customer browsers must be able to accept cookies. If both cookie-based and URL rewriting are selected, HCL Commerce first attempts to use cookies to manage sessions. If a customer browser is set to not accept cookies, then URL rewriting is used.

Cookie-based session management is secure and has performance benefits over URL rewriting. It is therefore recommended to use cookie-based session management for persisting user sessions.