Wednesday, September 30, 2015

Auto Login with Cookies aka warm users experience / soft login (ATG Oracle Commerce)

ATG does provide auto login with cookies OOTB, is just matter of configure this:
This will create 2 cookies to make this possible DYN_USER_ID and DYN_USER_CONFIRM. The DYN_USER_CONFIRM cookie is a hash of the DYN_USER_ID cookie.
There are few steps in order to make this happen:

@ /atg/userprofiling/CookieManager.propertie configure sendProfileCookies and profileCookieMaxAge

 
#Set to true to send a profile cookie including the user ID.
sendProfileCookies=true
# Set to be 30 days
profileCookieMaxAge=2592000
@ /atg/userprofiling/ProfileRequest.propertie configure extractProfileFromCookieParameter property

 
# 
# /atg/userprofiling/ProfileRequest
# Profile information associated with a request
# It will tell the application that the profile can login from cookieParameter to allow warm user or soft-login enabled
#
extractProfileFromCookieParameter=true
This is configured at https://docs.oracle.com/cd/E52191_02/Platform.11-1/ATGPersProgGuide/html/s0502trackingregisteredusers01.html
and all the configuration for those cookies https://docs.oracle.com/cd/E52191_02/Platform.11-1/ATGPersProgGuide/html/s0502profilecookieconfiguration01.html

Important Note: If you did are not using CRS on your project do the following update to make thre rest of the users to be able to autologin with cookies


 
UPDATE DPS_USER SET AUTO_LOGIN = 1 WHERE AUTO_LOGIN = 0;
COMMIT;
@ /atg/userprofiling/userProfile.xml configure autoLogin property to have default value as true

 
   
    ....
         
    ....
    
With this configuration in place, customers will be logged in with Security level 2 (Auto-login by cookies) as shows the following table:

This is documented at https://docs.oracle.com/cd/E52191_02/Platform.11-1/ATGPersProgGuide/html/s0502securitystatus01.html
In order to configure the access that your user logged with cookies will have you can configure AccessControlServlet due, warm users can do just a few things on the site, checkout is somehting you do not want them to do.
Post a Comment