URL session parameter
Answer ID 10547 | Last Review Date 06/03/2019
How to remove the session parameter from Customer Portal URLs?
Environment:
Oracle B2C Service, All supported versions
Resolution:
To remove the session parameter from URLs when accessing areas of the Customer Portal, the boolean setting CP_COOKIES_ENABLED needs to be enabled. When CP_COOKIES_ENABLED is set to 1 (true), the system writes the generated cookie to the browser instead of placing the session parameter into the URL, but only after the session is saved to the cookie. URLs will still contain the session parameter on the first page load for a session (such as access from a bookmark), since at that point there is not yet confirmation whether cookies are enabled in the end user's browser.
URL parameters are used if a visitor's browser does not accept cookies.
This is meant as a multipurpose setting. By storing session identifiers in cookies, it eliminates link sharing and provides an extra out-of-the-box security level for the URL parameters used. Server-side validation of who owns a session ID is already in place.
Path to setting(s): Select Configuration from the navigation area > Site Configuration > Configuration Settings > and search by Key.
For additional information about Session Data please visit: Answer ID 5169: Technical Documentation and Sample Code, Customer Portal section.
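One way to check from web access logs that the setting is taking effect, as an added example that is not Oracle's code. It assumes combined-format log lines and that the session parameter appears as a `/session/<token>` path segment; the paths and tokens in the sample lines are constructed.

```python
import hashlib
import re
from collections import Counter

# Assumption: the session parameter travels as a "/session/<token>" path
# segment; adjust SESSION_RE if your site's URLs differ.
SESSION_RE = re.compile(r"/session/([^/?#\s]+)")
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fingerprint(token):
    """Short hash so the report never repeats a live session token."""
    return hashlib.sha256(token.encode()).hexdigest()[:12]

def redact(url):
    """Replace the session token so the URL is safe to log or share."""
    return SESSION_RE.sub("/session/REDACTED", url)

def audit(log_lines):
    """Return {fingerprint: hits} for tokens seen in more than one request.

    One hit per session is expected (first page load, before cookie support
    is confirmed). Repeats mean the session stayed in the URL."""
    hits = Counter()
    for line in log_lines:
        req = REQUEST_RE.search(line)
        if not req:
            continue
        m = SESSION_RE.search(req.group(1))
        if m:
            hits[fingerprint(m.group(1))] += 1
    return {fp: n for fp, n in hits.items() if n > 1}

# Constructed sample log lines (not from a real site).
SAMPLE_LOG = [
    '198.51.100.7 - - [03/Jun/2019:10:00:01 +0000] "GET /app/home/session/TOKENAAA HTTP/1.1" 200 512',
    '198.51.100.7 - - [03/Jun/2019:10:00:05 +0000] "GET /app/answers/list HTTP/1.1" 200 900',
    '203.0.113.9 - - [03/Jun/2019:10:01:00 +0000] "GET /app/home/session/TOKENBBB HTTP/1.1" 200 512',
    '203.0.113.9 - - [03/Jun/2019:10:01:09 +0000] "GET /app/answers/list/session/TOKENBBB HTTP/1.1" 200 900',
    '203.0.113.9 - - [03/Jun/2019:10:01:20 +0000] "GET /app/ask/session/TOKENBBB HTTP/1.1" 200 700',
]

if __name__ == "__main__":
    for fp, n in audit(SAMPLE_LOG).items():
        print(f"session {fp}: token in URL on {n} requests")
    print(redact("/app/ask/session/TOKENBBB"))
```

A session flagged here either belongs to a browser that does not accept cookies or indicates that CP_COOKIES_ENABLED is not enabled; if most sessions are flagged, check the setting first.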