Session Management in SuiteCommerce Advanced (SCA)

Session management in SuiteCommerce Advanced (SCA) relies on cookies to track and manage user interactions. There are three primary cookies used for this purpose:

  1. JSessionID
  2. NLvisitor
  3. NLshopperID

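These cookies are marked as HttpOnly, meaning they cannot be accessed or modified through frontend JavaScript (they do not appear in document.cookie). This enhances security: a script injected into the page cannot read the session identifiers, because HttpOnly cookies can only be managed by the backend.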

Backend Cookie Restrictions

Certain cookies, such as JSessionID, cannot be set directly using standard cookie-setting functions in the backend. JSessionID acts like a VIP in the session management system — untouchable and managed solely by the system. However, sessions tied to this cookie can still be manipulated indirectly.

Handling Session Termination

While the JSessionID cookie cannot be directly modified, it can be removed by invoking the logout() function in the shopping session. However, there’s a catch: the logout() function is not accessible in the shopping context. It is only available in the My Account and Checkout contexts. To execute a logout operation, you need to redirect the user to the logout page link.

Identifying Users with Cookies

Even if a customer closes their browser without logging out, they can still be recognized when they return, thanks to these cookies. Two functions within the shopping session — isRecognized() and isLoggedIn3() — can be used together to determine the user’s state:

  • New (anonymous) user: isRecognized() == false and isLoggedIn3() == false
  • Registered and logged-in user: isRecognized() == true and isLoggedIn3() == true
  • User clicked the logout link: isRecognized() == false and isLoggedIn3() == false
  • User logged in, closed the browser, and returned later: isRecognized() == true and isLoggedIn3() == false

These scenarios allow you to handle user states effectively, ensuring a seamless and secure shopping experience for customers. By leveraging these session management features, developers can better manage user authentication and interactions within SCA.
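The sketch below is an added example, not code from the original article or from NetSuite. It shows one way to turn the two flags into an access decision. The stand-in session object (fakeSession), the action names, and the policy that recognition alone never unlocks account data are all assumptions.

```javascript
// Added example. Assumption: actions that expose account data need a full login;
// a visitor who is only recognized (returned after closing the browser) may get
// personalization but must sign in again first. Action names are hypothetical.
const SENSITIVE_ACTIONS = new Set(['viewOrderHistory', 'editAddress', 'viewSavedCards']);

// Map the two shopping-session flags onto the states listed in the article.
function classifyVisitor(session) {
  const recognized = session.isRecognized() === true;
  const loggedIn = session.isLoggedIn3() === true;
  if (recognized && loggedIn) return 'LOGGED_IN';
  if (recognized) return 'RECOGNIZED_ONLY';
  // A brand-new visitor and one who clicked logout both report false/false,
  // so these two flags cannot tell them apart.
  if (!loggedIn) return 'ANONYMOUS_OR_LOGGED_OUT';
  // loggedIn without recognized is not one of the listed combinations.
  return 'INCONSISTENT';
}

// Decide whether an action may proceed. Anything short of LOGGED_IN, including
// an error while reading the flags, is treated as unauthenticated (fail closed).
function authorize(session, action) {
  let state;
  try {
    state = classifyVisitor(session);
  } catch (e) {
    state = 'INCONSISTENT';
  }
  if (state === 'LOGGED_IN') {
    return { state: state, allow: true, redirectToLogin: false };
  }
  const sensitive = SENSITIVE_ACTIONS.has(action);
  return { state: state, allow: !sensitive, redirectToLogin: sensitive };
}

// Constructed stand-in for the shopping session, for running the example offline.
function fakeSession(recognized, loggedIn) {
  return {
    isRecognized: function () { return recognized; },
    isLoggedIn3: function () { return loggedIn; }
  };
}

const returning = authorize(fakeSession(true, false), 'viewOrderHistory');
console.log(returning.state, returning.allow, returning.redirectToLogin);
```

In a real SCA service, the session passed to authorize() would be the shopping session object the article refers to, and a redirectToLogin result would send the visitor to the login page.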
