Visitor Session State Management - Bloomreach Experience - Open Source CMS

Visitor Session State Management

This Bloomreach Experience Manager feature requires a standard or premium license. Please contact Bloomreach for more information.

Introduction

Bloomreach Commerce Accelerator maintains visitor session states such as the visitor's authentication status and cart data. By default, these states are stored in the HttpSession, but more advanced options are provided to store them in cookies instead.

Default Option: Storing In HttpSession

By default, the following visitor session states are maintained in the HttpSession for the specific visitor:

  • Cart object, which contains the current visitor's cart data.
  • StoreUser object, which contains the current visitor's authentication status.

Therefore, both visitor session states have the same lifecycle as the visitor's HttpSession object. In other words, they expire if the visitor is inactive for longer than the maximum session inactive interval, which is the value returned by HttpSession#getMaxInactiveInterval().

Alternative Options: Storing In Cookies

Alternatively, you can choose options to store any of the visitor session states in Cookies instead.

Storing visitor session states in cookies is less secure than the default option, so make sure your security requirements are still met before applying any of these options.
To minimize security risks, the cookies are at least marked as HttpOnly. HttpOnly keeps client-side scripts from reading the cookie; it does not by itself restrict the cookie to HTTPS connections.

Storing Cart in Cookie

To store the visitor's cart data in cookies instead, set the following property to false in the HST-2 Container configuration file (e.g., conf/hst.properties):

# Flag whether the visitor's cart info (e.g., cartId) is stored in httpSession or cookie. true by default.
starterstore.cart.info.management.httpSessionBased = false

# The max age in seconds of the cookie for the visitor's cart info (e.g., cartId). 604800 seconds == 7 days by default.
starterstore.cart.info.management.cookie.maxAgeSeconds = 604800

You can also configure how long the cart data lives in the cookie by setting the starterstore.cart.info.management.cookie.maxAgeSeconds property, as shown above.

Storing StoreUser in Cookie

To store the StoreUser object for the visitor in cookies instead, set the following property to false in the HST-2 Container configuration file (e.g., conf/hst.properties):

# Flag whether the visitor's store user info is stored in httpSession or cookie. true by default.
starterstore.store.user.management.httpSessionBased = false

Even though this option stores the visitor's StoreUser data in cookies, they are temporary cookies kept in the browser's memory only until the browser is closed.
Also, the StoreUser cookie expires if the visitor is inactive for longer than the maximum session inactive interval, which is the value returned by HttpSession#getMaxInactiveInterval().
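
The following is an added example, not part of the Bloomreach documentation or product code: a small audit script that reads an hst.properties file and reports which visitor session states have been moved from HttpSession to cookies, using the property names and defaults described above. The max_cart_age_policy parameter, the sample file contents and the rule that any value other than "true" is flagged are assumptions made for the example.

```python
import re

# Property names and defaults are taken from the page above.
CART = "starterstore.cart.info.management.httpSessionBased"
USER = "starterstore.store.user.management.httpSessionBased"
MAX_AGE = "starterstore.cart.info.management.cookie.maxAgeSeconds"
DEFAULTS = {CART: "true", USER: "true", MAX_AGE: "604800"}

def parse_properties(text):
    """Minimal key=value / key:value parser; skips blank lines and #/! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def audit(text, max_cart_age_policy=604800):
    """Return (property, message) findings for states moved out of HttpSession.
    max_cart_age_policy is a hypothetical policy limit in seconds; any flag value
    other than "true" (case-insensitive) is flagged, which is an assumption."""
    props = {**DEFAULTS, **parse_properties(text)}
    findings = []
    if props[CART].lower() != "true":
        findings.append((CART, "cart data is stored in a cookie"))
        try:
            age = int(props[MAX_AGE])
        except ValueError:
            findings.append((MAX_AGE, "not an integer: %r" % props[MAX_AGE]))
        else:
            if age > max_cart_age_policy:
                findings.append((MAX_AGE, "%d s exceeds policy of %d s" % (age, max_cart_age_policy)))
    if props[USER].lower() != "true":
        findings.append((USER, "StoreUser is stored in a session cookie"))
    return findings

# Constructed sample input, not taken from a real deployment.
SAMPLE = """\
# conf/hst.properties (constructed)
starterstore.cart.info.management.httpSessionBased = false
starterstore.cart.info.management.cookie.maxAgeSeconds = 2592000
"""

if __name__ == "__main__":
    for key, message in audit(SAMPLE):
        print(key, "->", message)
```

Run it against each environment's configuration file during review so that a switch to cookie storage, or a lengthened cart cookie lifetime, is noticed before deployment.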

 
