Authentication Tickets

Commerce Server uses authentication tickets to authenticate users visiting your site. An authentication ticket is a mechanism used to authenticate users. It is made up of a property/value pair such as a userID and the value of the userID. For example, userID/joeuser is a property/value pair that would be in an authentication ticket.

A Commerce Server ticket contains information about a user visiting your site, such as a logon ID, the time when the user last visited your site, and a time window that indicates how long the ticket is valid. Commerce Server uses tickets to identify and authenticate users, and to associate user IDs with the profile information it collects about them.

Commerce Server uses two kinds of authentication tickets: MSCSProfile tickets and MSCSAuth tickets. When a user first accesses your site, Commerce Server creates an MSCSProfile ticket for that user, and writes it to the HTTP header. When a registered user is authenticated, Commerce Server creates an MSCSAuth ticket, and writes it to the HTTP header. Both tickets can be stored in the cookie or encoded in the URL query string.

This section contains:

• MSCSProfile Tickets
• MSCSAuth Tickets
• Tickets for Anonymous Users Who Register
• MSCSAuth and MSCSProfile Ticket Characteristics

Copyright © 2005 Microsoft Corporation.
All rights reserved.