Enabling multiple logon support for the same user

Enable multiple logon support to allow for the same authenticated user to use the site from multiple browsers or locations. This feature eliminates the termination of the session and the request to reauthenticate a user, if that same user logs in from a different browser or location.

The standard behavior for HCL Commerce session management (by using cookies, REST tokens, or activity tokens) is to allow only one active session per user. If a user logs in from another browser or location, and they attempt to make a request with their first session, the following error is displayed:

Generic Error: Your logon ID may have been used in another location. Sign in again to continue.

This default behavior can be modified to allow multiple sessions per user. With multiple session support enabled, each user session acts independently. For example, each session can timeout or be logged out without affecting the other. All site functions are shared between user sessions. Any changes that are made to the cart through one session, for example, are display in the other session.

Important:
  • To mitigate the reduced security of enabling multiple logon support, session timeout must be enabled. To enable session timeout, see Session timeout.
  • HCL Commerce Version 9.0.1.16 or laterMultiple logon support security is enhanced in version 9.0.1.16. All sessions are now invalidated when sensitive security-related events occur, such as when a user account is disabled by an administrator, the user's password is reset, or if the user logs off in one of their sessions.

Procedure

To enable multiple login support:
  1. Open the HCL Commerce configuration file.
  2. Find the <SessionManagement> section of the XML, and insert the following line:
    <SessionManagement>
    	<url-rewriting display="false" enabled="false"/>
    	<cookie acceptance="false" age="-1" display="false"
    		domain="" enabled="true" path="/" persistence="wcs"/>
    	<referrerCookie age="-1"/>
    	<PersistentSession cookieExpiry="30"
    		delayNewPersistentGuestSession="true" display="false" enable="true"/>
    	<PersonalizationId display="false" enable="true"/>
    	<AllowMultipleLogonForSameUser display="false" enabled="true"/>
    </SessionManagement>
  3. Save and close the file.