Enabling cookies for session management

Enable cookies for session management.

Procedure

  1. Open the HCL Commerce configuration file.
  2. Locate the Instance Properties > Session Management > cookie element.
  3. Set the appropriate session values.
          
    <cookie
            acceptance="false"
            age="-1"
            display="false"
            domain=""
            enabled="true"
            secure="true"
            path="/" persistence="wcs"/>
    acceptance
    Set to true if he customer's browser accepts cookies for a site that only supports cookies.
    age
    domain
    Specifies a domain restriction pattern. A domain restriction pattern specifies the servers that can view a cookie. By default, cookies are only sent back to the Transaction server that issued them. For example, if you make a request to a Transaction server at subdomain.domain.com, then cookies that are created by that server are only visible to the server at that subdomain when the user returns to it. Specifying a domain name pattern overrides this behavior. The pattern must begin with a dot and must contain at least two dots. A pattern matches only one entry beyond the initial dot. For example, ".ibm.com" is valid and matches "a.ibm.com" and "b.ibm.com" but not "www.a.ibm.com". For details on domain patterns, see Netscape's Cookie Specification and RFC 2109.
    enabled
    path
    secure
    Specifies whether or not the Transaction Server cookies should have the secure attribute set, meaning they would only flow over HTTPS.
    HCL Commerce Version 9.0.1.16 or laterNote: By default, all session cookies are set as secure. Adding the secure parameter to this configuration file, and setting its value to true will enable the same functionality. The flag can also be disabled, by setting secure to false. Disabling secure session cookies is not recommended, however, unless the site has pages that require using HTTP.
    OptionDescription
    Cookie acceptance test Select this check box to check if the customer's browser accepts cookies for a site that only supports cookies.
    Cookie session manager Select whether you want HCL Commerce or WebSphere Application Server to manage your cookies. The default is HCL Commerce.
    • A WebSphere Application Server session cookie is based on the servlet HTTP session standard. WebSphere Application Server cookies persist to memory or to the database in a multinode deployment. For more information, see Session management support.
    • an HCL Commerce session cookie is internal to HCL Commerce and does not persist to the database.
  4. Save and close the file.
  5. Open the Store server configuration file.
  6. Locate and update the SessionManagement section of the configuration file to set the cookie configuration options for the Store server, if required.
    Note: By default, cookies have the secure attribute enabled.
  7. Save and close the file.

Results

Cookies are now configured for session management.