Toggle menu

Sessions and Session Cookies

The frameworks support two different methods for sharing sessions between subsites, allowing a user logged in via one subsite to remain logged in when they visit another.

Session Cookies

A single enterprise iCM installation will often power multiple subsites. When these subsites are accessed on different subdomains, you can allow session cookies to be shared. That means if a user logs in via one site, they could be recognised and treated as logged in by another subsite.

You can enter domains in a subsite's configuration:

Cookie Domains

This means that two subsites, https://site1.mydomain.com and https://site2.mydomain.com, each with this setting, would set the domain attribute of their session cookie as .mydomain.com.

Note that all of the usual iCM and site security features still apply. A user navigating from one site to the other would still have to be in the relevant security groups to access content and both subsites would have to be in the same zone.

Care should also be taken if a subsite can be accessed on multiple URLs or aliases. The configured domain will only be written if the URL that's being used matches one of the domains in the list.

Transferring Sessions

This feature isn't something that needs to be configured, it happens automatically. It is primarily intended to support Assisted Service users who might log in on a staff subsite, but need to assist a user on a public website in the same iCM installation.

The sequence of events is:

  • A user is logged in on Subsite A
  • The user follows a link to an article on Subsite B - this must be a link iCM "knows" about, usually a related article or article inline, but could be an article selected via the extra tab
  • The user is now logged into Subsite B
  • A cookie is set for the Subsite B domain which has the same session ID as the one previously set for Subsite A

As with session cookies, all of the usual iCM zone and user group security still applies.

Last modified on 24 March 2020

Share this page

Facebook icon Twitter icon email icon

Print

print icon