Persistent Cookies

Commerce Server uses persistent cookies to track anonymous users who visit your site. For anonymous users who allow cookies, persistent cookies are stored on the computer of the user.

When you configure the CS Authentication resource, you determine how long the persistent cookie is valid. By default, persistent cookies are valid until January 15, 2038.

A session persistent cookie can contain the MSCSProfile ticket. Or, the MSCSProfile ticket can be encoded in the URL.

Persistent cookies contain the user ID. You can determine the value to use as the user ID. For example, you can use a globally unique identifier (GUID) generated by one of your ASP pages. (Commerce Server includes the GenID object, which you can use to generate GUIDs.) If the anonymous user registers on the site, and becomes an authenticated user, this GUID can be transferred to their session cookie.


  • You can add custom properties to persistent cookies. However, do not store sensitive information in cookies, such as credit card or social security numbers. Doing so would be a security risk.

See Also

Authentication Tickets

Persistent Cookies

Summary of Cookie Features

Rolling Key Encryption for Authentication Tickets

Copyright © 2005 Microsoft Corporation.
All rights reserved.