Announcement: You can find the guides for Commerce 7.5 and later on the new Elastic Path Documentation site. This Developer Center contains the guides for Commerce 6.13.0 through 7.4.1.Visit new site

This version of Elastic Path Commerce is no longer supported or maintained. To upgrade to the latest version, contact your Elastic Path representative.

Authentication - Cookies

Authentication - Cookies

Cookies are required to interface with Cortex's OAuth authentication system and allows access to AEM's sling repository.

EP Commerce for Adobe Marketing Cloud uses the following cookies:

login-token cookie

  • Used By : AEM Jackrabbit login modules
  • Generated When :
    • shopper logs into a store
    • shopper's login-token expires
  • Contains :
    • auth token
    • shopper information for accessing AEM's sling repository
  • Deletes When: shopper logs out.

cortexSession

Is a serialized cookie containing information about the shopper for Cortex. When accessing this cookie, it must be deserialized. This cookie is used by passing the OAuth token to Cortex Java SDK to perform commerce functionalities.
  • Used By :
    • EP Commerce for AMC
    • The EP Commerce for AMC registration service
    • The EP Commerce for AMC shopper information retrieval service
  • Generated When :
    • shopper logs in using the CortexAuthenticationHandler
    • shopper's cookie expires and the commerce api is called
    • An OAuth2 token which is used to access information from within cortex as well as identify the shopper
  • Contains :
    • A shopper's identifying id within Cortex
    • A shopper's current scope within Cortex
    • A shopper's current role within Cortex
    • The expiry date of the cookie
    • The version of the cookie
  • Deletes When:
    • The shopper deletes the cookie from their browser
    • The shopper logs out of their session in AEM
  • Created By:
    • Loading the current Cortex token, current Cortextoken expiry, and Cortex scope from within a shadow shopper inside of AEM.
    • Generating an EP-identifier property within the token and the shadow shopper in aem to ensure that the shopper exists.
      Note: If the shopper is anonymous, this identifier will be "none".
    • Then the above values are serialized into a cookie value and then stored into the shopper's client.

ep-login-token

Primarily used in author mode so that whenever you log out in author mode, it returns the shopper to the previous shopper prior to logging in. This cookie is copy of the AEM's login-token to be used for EP Commerce for AMC authentication purposes.

Usage of the ep-login token

  1. Author enabled shopper logs into AEM whilst in Author mode.
  2. Shopper goes to geometrixx site and logs in as a different shopper someguy@mail.com:somepassword.
  3. Shopper logs out, so shopper is returned to being the Author enabled shopper.