Session Management and Validation Settings in Magento Configuration

Posted in Magento on 18 November 2016

This post has been archived

The content of this post has not been updated since 2015, and may be out of date. Extra care should be taken with any code provided.

Cookie and session management is an important aspect of any ecommerce store. Everything from a customer’s cart, checkout process and recently viewed products is made possible by knowing who is using the website. This is where cookies come into play.

The Session Cookie Management options specify how and where cookies are set and used in your Magento store.

The Session Validation Settings ensure the safety of the information stored in sessions by checking known information gathered from previous visits by a customer matches the current information.

session-cookie-management
  • Cookie Lifetime is the time a cookie will remain ‘alive’ if the customer returns to the website within this timescale (in seconds) their cart/checkout/details will have been stored. If the cookie expires that information is no longer available to the customer
  • Cookie Path will usually just need a forward slash “/”, that means the cookie will be available across the domain and nto be limited to a specific directory.
  • The Cookie Domain will usually be your domain name preceded by a dot, and excluding the “www”. This means the cookie will be available on all sub domains
  • Use HTTP Only should usually be set to ‘yes’, this means that the cookie will remain active as the user switches between http:// and https://. If this is set to ‘no’ you will experience the customer’s cart emptying as they switch between non-SSL and SSL versions of the site, which is usually when clicking through through to the checkout.
  • Cookie Restriction Mode will notify your visitors that cookies are required for full-featured operations. It relates specifically to EU cookie directive.

Session Validation Settings

session-validation-settings
  • Validate REMOTE_ADDR checks that the customer’s public IP address is the same
  • Validate HTTP_VIA verifies that the proxy address of an incoming request matches what is stored
  • Validate HTTP_X_FORWARDED_FOR checks that the forwarded-for address of a request matches what was stored previously.
  • Validate HTTP_USER_AGENT checks that the browser/device matches previous visits.
  • Use SID on Frontend adds a ID to the end of URLs that allows Magento to recognise visitors as they pass between domains set-up on the one Magento install.

Related Magento Posts

October 2023

Magento database structure

The database structure of Magento is designed to store and manage various aspects of an e-commerce website, including products, orders, customers, and more. Understanding the...

Continue reading

August 2023

Accessibility in ecommerce websites

In the digital age, where online shopping has become an integral part of our lives, ecommerce websites hold the key to business success. Amidst the...

Continue reading

August 2023

Using Magento to get small businesses online

For small businesses aiming to establish a formidable online presence and drive sales, Magento emerges as a powerful e-commerce platform offering a suite of features...

Continue reading

July 2023

How can I speed-up my Magento website?

Speed optimisation is crucial for a Magento website as it directly impacts user experience, conversions, and search engine rankings. You should prepare your server so...

Continue reading

June 2023

.htaccess: Enable GZIP Compression for Magento

Enable Gzip compression on your server to compress your website's files before sending them to the visitor's browser. This significantly reduces the file size, resulting...

Continue reading

April 2023

Popular Payment Gateways

Ecommerce payment gateways are critical components of any online store, as they enable merchants to accept payments from customers securely and conveniently. There are many...

Continue reading

More Magento Posts