
Cookie and session management is an important aspect of any ecommerce store. Everything from a customer’s cart and checkout process to recently viewed products is made possible by knowing who is using the website. This is where cookies come into play.

The Session Cookie Management options specify how and where cookies are set and used in your Magento store.

The Session Validation Settings ensure the safety of the information stored in sessions by checking that known information gathered from a customer’s previous visits matches the current information.

Session Cookie Management
  • Cookie Lifetime is the time (in seconds) a cookie will remain ‘alive’. If the customer returns to the website within this timescale, their cart/checkout/details will have been stored. If the cookie expires, that information is no longer available to the customer.
  • Cookie Path will usually just need a forward slash “/”, which means the cookie will be available across the domain and not be limited to a specific directory.
  • The Cookie Domain will usually be your domain name preceded by a dot, and excluding the “www”. This means the cookie will be available on all subdomains.
  • Use HTTP Only should usually be set to ‘yes’. This means that the cookie will remain active as the user switches between http:// and https://. If this is set to ‘no’ you will experience the customer’s cart emptying as they switch between non-SSL and SSL versions of the site, which is usually when clicking through to the checkout.
  • Cookie Restriction Mode will notify your visitors that cookies are required for full-featured operations. It relates specifically to the EU cookie directive.

Session Validation Settings

  • Validate REMOTE_ADDR checks that the customer’s public IP address is the same as the one stored previously.
  • Validate HTTP_VIA verifies that the proxy address of an incoming request matches what is stored.
  • Validate HTTP_X_FORWARDED_FOR checks that the forwarded-for address of a request matches what was stored previously.
  • Validate HTTP_USER_AGENT checks that the browser/device matches previous visits.
  • Use SID on Frontend adds an ID to the end of URLs that allows Magento to recognise visitors as they pass between domains set up on the one Magento install.
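
The validation checks listed above can be modelled as a comparison between values recorded when the session was created and the values on the current request. The sketch below is an added example, not Magento's code: the function names, the sample requests and the roaming-customer scenario are constructed for illustration, and the keys are the CGI-style names used in the setting labels.

```python
# Added illustration: a simplified model of session validation, not Magento's code.
VALIDATORS = ("REMOTE_ADDR", "HTTP_VIA", "HTTP_X_FORWARDED_FOR", "HTTP_USER_AGENT")


def snapshot(environ, enabled):
    """Record the enabled validator values when the session is first created."""
    return {key: environ.get(key, "") for key in VALIDATORS if key in enabled}


def mismatches(stored, environ):
    """Return the validator keys whose current value differs from the stored one."""
    return [key for key, value in stored.items() if environ.get(key, "") != value]


def is_valid(stored, environ):
    """A session is accepted only when every stored value still matches."""
    return not mismatches(stored, environ)


# Constructed sample requests (documentation IP ranges, made-up user agents).
FIRST_VISIT = {
    "REMOTE_ADDR": "203.0.113.10",
    "HTTP_USER_AGENT": "Mozilla/5.0 (X11; Linux x86_64) ExampleBrowser/1.0",
}
SAME_CUSTOMER = dict(FIRST_VISIT)
# The same session cookie presented from a different address and browser.
OTHER_CLIENT = {
    "REMOTE_ADDR": "198.51.100.77",
    "HTTP_USER_AGENT": "ExampleClient/2.0",
}
# Genuine customer whose mobile network handed out a new address (assumed scenario).
ROAMING_CUSTOMER = dict(FIRST_VISIT, REMOTE_ADDR="203.0.113.200")

if __name__ == "__main__":
    requests = (("same customer", SAME_CUSTOMER),
                ("other client", OTHER_CLIENT),
                ("roaming customer", ROAMING_CUSTOMER))
    for enabled in ({"HTTP_USER_AGENT"}, {"REMOTE_ADDR", "HTTP_USER_AGENT"}):
        stored = snapshot(FIRST_VISIT, enabled)
        print("enabled:", sorted(enabled))
        for name, req in requests:
            print(f"  {name}: valid={is_valid(stored, req)} "
                  f"changed={mismatches(stored, req)}")
```

With REMOTE_ADDR validation enabled, the roaming customer's session is rejected along with the other client's, which is the trade-off to weigh before switching that setting on.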
