Store-level session management

Store-level user session management enables access control for a user and their roles across multiple stores.

The following diagram illustrates the HCL Commerce store-level registration infrastructure and user session management in a multi-store environment. Store-level registration uses access control roles to associate a customer with a store.

This diagram shows the process of store-level registration and the hierarchy of organizations, resellers, and organizational units when a shopper becomes associated with a store.

Users that shop at a store do not necessarily need to be a member of the store organization. However, they must play a shopping role (that is, they must be a Registered Customer) in the organization. Users that play an administrative role in an organization are associated with the organization by having an ancestral relationship with the organization.

For example, suppose that you have a store, Store A, as in the preceding diagram. Also, suppose that Sue shops at Store A and Joe is an employee of Store A who is responsible for the administrative duties of running Store A. To model this scenario from an organizational perspective, Joe belongs under Store A's organization but Sue does not. Sue is not an employee of Store A; she is associated with Store A because she plays the shopping role in the Store A organization.

A store determines all of its registered customers by finding all the users that play a shopping role in the store organization. A user administrator of the store can then perform store-wide activities, such as setting up a campaign for all the registered users in a store. The user administrator of the store can also take specific actions, such as resetting the password of a user that is registered to its store.

Refer to the previous diagram and consider the following scenario:

  • Sue, who is a member of the Default Organization, has a shopping role in Reseller A's organization.
  • Reseller A's parent organization is the Reseller Organization.
  • Reseller A owns store A.
  • Sue does not have an organizational role in Reseller B's organization.
  • Reseller B owns store B.
  • Sue logs in to Store A and shops as usual.
  • When Sue accesses Store B, Sue is assigned a new session identity for Store B as a guest user.
  • If she accesses Store A again, the information in her previous session identity for Store A is used by HCL Commerce to manage her session.
  • The session identity for Store A would be reused for Store B if:
    • Store A and Store B belong to the same organization.
    • Sue has a role that is defined in both the Reseller A and Reseller B organizations.
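
The scenario above can be traced with a small model, added here as an illustration and not taken from HCL Commerce code. The names `SessionModel`, `User`, `access` and the `registered:`/`guest:` identity strings are hypothetical. The model assumes that either reuse condition is sufficient on its own, and it ignores roles inherited through organizational ancestry.

```python
from dataclasses import dataclass, field
from itertools import count

SHOPPING_ROLE = "Registered Customer"

@dataclass
class User:
    logon_id: str
    roles: dict = field(default_factory=dict)  # organization -> set of role names

class SessionModel:
    """Toy model of per-store session identities; not HCL Commerce code."""

    def __init__(self, store_org):
        self.store_org = store_org   # store -> owning organization
        self.identities = {}         # (logon_id, store) -> session identity
        self._guest_seq = count(1)

    def _reusable(self, user, other_org, org):
        # Assumption: either condition from the list is sufficient on its own.
        shared = user.roles.get(other_org, set()) & user.roles.get(org, set())
        return other_org == org or bool(shared)

    def access(self, user, store):
        key = (user.logon_id, store)
        if key in self.identities:   # returning to a store: previous identity is used
            return self.identities[key]
        org = self.store_org[store]
        ident = None
        for (logon, other), existing in self.identities.items():
            if logon == user.logon_id and self._reusable(user, self.store_org[other], org):
                ident = existing     # carry the identity over from the other store
                break
        if ident is None:
            if SHOPPING_ROLE in user.roles.get(org, set()):
                ident = f"registered:{user.logon_id}"
            else:                    # no role in this store's organization
                ident = f"guest:{next(self._guest_seq)}"
        self.identities[key] = ident
        return ident

if __name__ == "__main__":
    # Constructed data mirroring the scenario: Sue shops at Store A only.
    model = SessionModel({"Store A": "Reseller A", "Store B": "Reseller B"})
    sue = User("sue", {"Reseller A": {SHOPPING_ROLE}})
    for store in ("Store A", "Store B", "Store A"):
        print(store, "->", model.access(sue, store))
```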