Magento 1.x Security Patch Notice
For Magento Open Source 1.5 to 1.9, Magento is providing software security patches through June 2020 to ensure those sites remain secure and compliant. Visit our information page for more details about our software maintenance policy and other considerations for your business.
Persistent Cart Workflow
When Persistent Shopping Cart is enabled, the workflow depends on the values of the “Enable Remember Me” and “Clear Persistence on Log Out” settings, the customer’s decision to select or clear the “Remember Me” checkbox, and when the persistent cookie is cleared.
When a persistent cookie is applied, a Not %Jane Smith%? link appears in the page header, to give the customer the ability to terminate the persistent session and start working as a guest, or log in as a different customer. The system retains a record of the shopping cart contents, even if the customer later uses different devices to shop in your store. For example, a customer can add an item to the shopping cart from a laptop, edit the cart contents from a desktop computer, add more items from a mobile device, and complete the checkout process from a tablet.
There is a separate independent persistent cookie for each browser. If the customer uses multiple browsers while visiting your store during a single, persistent session, any changes made in one browser will be reflected in any other browser when the page is refreshed. While the persistent shopping cart is enabled, your store creates and maintains a separate persistent cookie for each browser that is used by a customer to log in or create an account.
-
Leaving an Open Session on a Shared Computer
Jane is finishing up her holiday shopping with a persistent session, and adds a present for John to her cart, as well as something for her mother. Then she goes to the kitchen for some milk and cookies.
John sits down at the computer to do some quick shopping while Jane’s in the kitchen. Without noticing the “Not %Jane%” link at the top of the page, he finds a nice present for Jane and adds it to the cart. When he goes to checkout and logs in as himself, both the items in Jane’s cart are added to his cart. John’s in such a hurry that he doesn’t notice the additional item during Order Review, and submits the order. Jane’s cart is now empty, and John bought presents for both Jane and her mother.
Jane brings John some milk and cookies, and asks, “What’s up?” He says, “Oh, nothing.”
Remember Me
Customers can click the “Remember Me” checkbox on the Login page to save the contents of the their shopping carts.
-
Yes
A persistent cookie is created, and the contents of the shopping cart is saved for the customer’s next logged-in session.
No
If “Remember Me” is not selected or is cleared, a persistent cookie is not created, and the cart information is not saved for the customer’s next logged-in session.
Continue Persistence After Logout (No)
-
No
When the customer logs in, the persistent cookie is invoked, in addition to the session cookie which is already in use.
No
When the customer logs out, the session cookie is deleted, but the persistent cookie remains in effect. The next time the customer logs in, the cart items are restored, or added to any new items that have been placed in the cart.
No
If the customer does not log out, but the session cookie expires, the persistent cookie remains in effect.
Clear Persistence on Logout (Yes)
-
Yes
When the customer logs in, the persistent cookie is invoked, in addition to the session cookie which is already in use.
Yes
When the customer logs out, both cookies are deleted.
Yes
If the customer does not log out, but the session cookie expires, the persistent cookie remains in effect.
Persistent Cart Settings and Effects
-
Settings
Effect
Enable Remember Me = “No”
Clear Persistence on Log Out = any value
The Remember Me checkbox is not available on the login and registration page. The persistent cookie is not used.
Enable Remember Me = “Yes”
Clear Persistence on Log Out = any value
Remember Me (not selected)
The session cookie is applied as usual; the persistent cookie is not used.
Enable Remember Me = “Yes”
Clear Persistence on Log Out = “Yes”
Remember Me = “Yes”
When a customer logs in, both cookies are applied. When a customer logs out, both cookies are deleted. If a customer does not log in, but the session cookie expires, the persistent cookie is still used. Apart from logging out, the persistent cookie is deleted when its lifetime runs out or when the customer clicks the Not %Jane Smith% link.
Enable Remember Me = “Yes”
Clear Persistence on Log Out = “No”
Remember Me = “Yes”
When a customer logs in, both cookies are applied. When a customer logs out, the session cookie is deleted, the persistent session continues. The persistent cookie is deleted when its lifetime runs out or when the customer clicks the Not %Jane Smith% link.