Written by The Jahia Team
 
Developers
Sysadmins
   Estimated reading time:

Overview

jExperience relies on cookies to track sessions, this page will detail the two cookies used by the tracker.

wem-session-id

This cookie is required by the wem.js when loading the context, which allows you to keep and reuse the generated session UUID.

As this cookie is only read client side by Javascript (jtracker and wem.js), the cookie is not impacted by browser restrictions because it’s not used during HTTP requests directly.

The session ID is reused by the wem.js context loading and the session ID is passed to the context request using JSON.
In jtracker implementation, Jahia checks if this cookie is already present in the browser:

  • if not, Jahia creates the cookie with a random UUID (new session)
  • if yes, Jahia reuses the cookie and remains on the same session ID (ongoing session)

context-profile-id

This is a cookie set by jCustomer to store the profile ID on the client browser. 

The cookie is currently configured like this:

  • Domain: jCustomer domain
  • Path: /
  • SameSite: Lax

Since Lax configuration allows the cookie to be passed in top level navigation only (only for links and URL change in browser), this cookie might be impacted by recent browser limitations. However, in our case we are using AJAX requests to load the context.

context-profile-id on the same domain

When your site and jCustomer share the same domain or subdomain, the  cookie will be passed during AJAX context loading, allowing JCustomer to retrieve the user profile from the cookie.

As a result, each new session will be attached to the existing profile as the context-profile-id cookie already exists on the client.

context-profile-id on a different domain

When your site and jCustomer are not sharing the same domain or subdomain, the cookie will not be sent to JCustomer during AJAX context loading. jCustomer cannot retrieve the current profile from the cookie and must retrieve the profile from the session ID (see wem-session-id cookie). 

jCustomer can retrieve the user profile based on the current session ID, but if the wem-session-id cookie is expired or lost, jCustomer will be forced to create a new profile.