Share via

Session Cookies

  • Article

Commerce Server uses session cookies to track authenticated users who visit your site. When the session ends, Commerce Server deletes the session cookies.

A session cookie can contain the MSCSAuth ticket. Or, the MSCSAuth ticket can be encoded in the URL.

Session cookies contain the following data:

  • User ID. The user ID is used to uniquely identify the user. You can determine the value to use as the user ID.
  • Time of last login. Records the time the user accessed the site.
  • Time window. The length of time, in minutes, a session cookie is valid. If a user is authenticated, leaves the computer without logging off (or is inactive for a period of time), and then returns before the close of the time window, then the user does not need to be authenticated again. However, if the user returns after the close of the time window, then the user must log in again.

Ee784322.note(en-US,CS.20).gifNote

You can add custom properties to session cookies. However, do not store sensitive information in cookies, such as credit card or social security numbers. Doing so would be a security risk.

See Also

Authentication Tickets

Summary of Cookie Features

Copyright © 2005 Microsoft Corporation.
All rights reserved.