Cookies and Authentication

A Commerce Server cookie contains information about the user such as the user logon name and an identification number, the date when the user last visited your site, and a time window that indicates how long the cookie is valid. Commerce Server uses cookies to identify and authenticate users, and to associate user IDs with the profile information it collects about them.

Commerce Server includes the CS Authentication resource that the system administrator uses to determine how cookies will be implemented on your site.

Using Cookies

Commerce Server and the Use of Cookies

Using Cookies

The system administrator specifies how cookies are used in Commerce Server Manager by configuring the authentication properties for the application. Commerce Server provides different options that can apply to cookies on your site:

• Encrypt cookies. The system administrator can configure Commerce Server to encrypt cookies generated by your applications. By encrypting cookies, you ensure that only your Commerce Server applications can read the cookies.
  
  
• Share cookies among domains and applications. The system administrator can configure Commerce Server to share cookies among different domains. Each cookie has a domain property that determines the domain in which the cookie is valid. The domain is determined by the string that precedes ".com" (or another extension). For example, assume you have two domains: premier.microsoft.com and msn.microsoft.com. In this example, the domain would be .microsoft.com. The system administrator can configure the CS Authentication resource so that cookies can be shared among applications on the same site.

  In some cases, you may not want to share cookies among applications in the same site, because the presence of cookies will impact the analysis results of user activity on your site. For example, if you have a site that sells office supplies, and you share cookies between a supplier application and a retail application, your analysis results will not differentiate user activity between the two applications. The purchases made at the supplier site may show one user purchasing office supplies in very large quantities, but the retail site may show users purchasing supplies in small quantities. The application type explains the difference.

• Generate cookies for guest users. The system administrator can configure Commerce Server to automatically generate cookies for guest users, which enables you to collect profile data about how users logging in as guests use your site. When guest users register, their cookies are updated, so you do not lose the profile data gathered when the user was anonymous.

Commerce Server and the Use of Cookies

When a user browses your site, the cookie is stored in the Web log files and Commerce Server databases with the click history, transaction history, and any explicit profile data the user provides.

If a user does not allow cookies, and you have implemented cookieless shopping, then the cookie data (including the globally unique identifier (GUID)) is placed in an encoded Uniform Resource Locator (URL) string. The URL string can be used to pass user information between pages. By associating the GUID with the user activity that takes place on the site, Commerce Server enables you to analyze the activities of anonymous, cookieless users.

The Web log files and the data in the Commerce Server databases are imported into the Data Warehouse so that you can analyze the user data. When the data is imported, the user ID parses it. Each instance of the user ID becomes a row in the Data Warehouse. The user ID is the primary key of the row, so that when you run a report or view an analysis model that uses the user data, the user ID accesses the data.