Persistent sessions (Remember Me)
WebSphere Commerce can be configured to enable persistent sessions, meaning that some session-related information of the registered or guest user will be stored as permanent cookies. If persistent sessions are enabled, a customer at a WebSphere Commerce store will be recognized on subsequent visits to the store, even after closing the browser. Sessions can be persisted for both guest and registered users. Persistent sessions are disabled by default. If enabled, sessions are by default persisted for 30 days.
Persistent sessions increase the ability of the store to monitor customer activities:
- Analytic tools can correlate shopping activities that span multiple sessions, even if the user does not register.
- Marketing experimentation can contain data from multiple sessions including the sessions of guest customers.
Persistent sessions enhance the shopping experience:
- It is easier for a customer to resume his or her existing shopping experience.
- It is the only way for a guest customer to retrieve the pending shopping carts from a previous session.
The customer must be accessing the store from the same computer that he or she used to create the persistent session. Customers can choose not to be remembered by clearing the Remember Me check box. In this case, their information will not persist into the next session.
When persistent sessions are enabled and the customer has elected to be remembered by clicking the Remember Me check box on the logon or registration page, then the customer can view the following information:
Customer type: Guest user
Can view:
- the pending shopping cart from previous sessions
Cannot view:
- order history
- previous shipping and billing addresses
Customer type: Registered user (Registered customers are prompted to log on before they can view sensitive information.)
Can view:
- the pending shopping cart from previous sessions
- coupons
- promotions
- eligible contracts
Cannot view:
- addresses
When a remembered guest user returns to the site, a new guest user is created when the session tries to access a protected request (configured through the Struts configuration). The shopping cart of the previous guest user is reset to the new guest user and all sensitive information of the order, such as address and credit card, is removed. This results in providing greater security for guest users who complete an order in the store.
Consider the common scenario where a guest user places an order at a location providing public Internet access. Creating a new guest user each time the remembered guest goes through a protected request prevents another user from viewing any previous information such as the order history, previous shipping and billing addresses, and other information provided during the checkout process. Therefore, users placing orders through locations providing public Internet access can do so safely, without their privacy becoming a concern through future sessions.
Persistent cookies
WebSphere Commerce contains the following persistent cookie:
WebSphere Commerce persistent cookie
Cookie name: WC_PERSISTENT
Description: This cookie is used to persist user ID, language ID, and currency for each store ID visited in the session. Multiple sets of identifiers can exist if the user visits more than one store.
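The following added example (not part of the original documentation and not IBM code) audits a captured Set-Cookie header for the WC_PERSISTENT cookie, comparing its lifetime with the 30-day default stated above. The Secure and HttpOnly checks are general cookie-hardening assumptions rather than documented product behavior, and the sample headers and cookie value are constructed placeholders.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

DEFAULT_PERSIST_DAYS = 30  # default persistence period stated on this page

def audit_persistent_cookie(set_cookie, now, max_days=DEFAULT_PERSIST_DAYS):
    """Return findings for one Set-Cookie header value (empty list = nothing to report)."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].partition("=")[0].strip()
    if name != "WC_PERSISTENT":
        return []                      # only the persistent cookie is in scope
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()

    findings = []
    lifetime = None                    # seconds the browser will keep the cookie
    try:
        if "max-age" in attrs:         # Max-Age takes precedence over Expires (RFC 6265)
            lifetime = int(attrs["max-age"])
        elif "expires" in attrs:
            lifetime = (parsedate_to_datetime(attrs["expires"]) - now).total_seconds()
        else:
            findings.append("no Max-Age or Expires: cookie is not persistent")
    except (ValueError, TypeError):
        findings.append("unparseable lifetime attribute")
    if lifetime is not None and lifetime > max_days * 86400:
        findings.append(f"lifetime of {lifetime / 86400:.0f} days exceeds {max_days}")
    for flag in ("secure", "httponly"):
        if flag not in attrs:
            findings.append(f"{flag} attribute not set")
    return findings

if __name__ == "__main__":
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)
    # Constructed headers; the cookie value is a placeholder, not the real format.
    samples = [
        "WC_PERSISTENT=PLACEHOLDER; Max-Age=2592000; Path=/; Secure; HttpOnly",
        "WC_PERSISTENT=PLACEHOLDER; Expires=Thu, 01 Feb 2024 00:00:00 GMT; Path=/",
    ]
    for header in samples:
        print(header, "->", audit_persistent_cookie(header, now))
```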
Remembered users
By default, the Logoff command deletes the persistent session. However, if rememberMe=true is passed to the Logoff command then the registered user will be logged off but remembered. The session will persist, and the registered user will be able to view the shopping cart but not other information such as order history or addresses.
To view this sensitive information the customer will need to log on to the store.
Consider the following examples:
Example 1:
The site has enabled the Remember Me feature. A registered user performs the following actions:
- Logs on to a store and checks the Remember Me check box.
- Adds items to the shopping cart.
- Logs off from the store.
- The rememberMe=true parameter is passed to the Logoff command, and the user will be logged off but the session will be persisted.
Example 2:
A site with multiple stores, S1 and S2, has enabled the Remember Me feature. A registered customer performs the following actions:
- Logs on to store S1 and checks the Remember Me check box.
- Adds items to the shopping cart in the S1 store.
- Adds items to the shopping cart in the S2 store.
- Closes the browser.
The shopping cart persists for both stores.
If on a subsequent visit, the registered user clears the Remember Me check box on the My Account page of store S1, the shopping cart for store S2 continues to persist, but the shopping cart for store S1 does not.
For an example of persistent session implementation, see the Madisons starter store provided with WebSphere Commerce. Refer to the Logon and Registration JSP pages provided with the starter store for an example of the Remember Me check box.
- Enable persistent sessions globally
For the stores on the site to offer registered customers the ability to be remembered or to remember guest customers, enable persistent sessions globally.
- Enable persistent sessions in a single store
Persistent sessions are particularly useful in consumer direct stores, although it is possible to enable B2B direct stores with persistent sessions as well. The steps to enable persistent sessions in the stores only differ in the locations and names of the files that need to be altered. In both cases, the store's Logon and UserRegistrationAdd forms require changes. The steps must be performed for all the stores in the site that need persistent sessions.
- Dynamic caching considerations for persistent session
Consider the following example: The Remember Me feature has been enabled, and a guest customer returns to a store. The Remember Me (persistent session) feature in WebSphere Commerce does not require that the first request processed by the WebSphere Commerce Server be skipped by the dynamic caching facility and processed by the run time. The only caching requirement is that any request displaying user oriented data must be processed once by the WebSphere Commerce run time before it displays this data. Since pages that contain data pertaining to a particular user are not typically cached, it is acceptable to delay generating the new guest customer until a non-cacheable operation is requested where a new guest customer is created and then migrated.