Tracking Registered Users

When a registered user accesses one of your sites, that user needs to identify himself or herself to the Personalization module to ensure that the correct profile is associated with him or her. Typically, this is done by requiring the user to log in. Requiring a login helps maintain the security of your sites.

However, logging in may be an annoyance to users, especially if it is not necessary for security reasons. For example, you may use the Personalization module to target personalized content to registered users, but your sites may not contain any material to which access is restricted. If this is the case, you may want to use the Personalization module’s Auto-Login feature. If you use Auto-Login, users do not have to login to your sites, but the Personalization module still has sufficient information to determine the profile to use.

When you enable auto-login, the Personalization module attempts to log in a visitor automatically, using the value of the REMOTE-USER HTTP header from the visitor’s request. If the Personalization module doesn’t find a profile with a visitor login property that corresponds to the REMOTE-USER header, it treats the visitor as anonymous and creates an anonymous profile, until the visitor actively logs in. The Personalization module cannot automatically log in a visitor unless the visitor is registered.

Auto-Login

The Personalization module offers three methods you can use to automatically log in visitors who are returning to a site without requiring them to enter a login:

Note that if you use any of these forms of auto-login, the Personalization module sends the login event before it sends the session creation event. This is because the session event needs to be able to refer to the user’s profile.

Auto-Login with Basic Authentication

You can set up your sites to log in member visitors automatically either using cookies, as described in the Auto-Login with Cookies section, or using the Basic Authentication service.

To enable the auto-login feature for Basic Authentication, set the following property in the /atg/userprofiling/ProfileRequestServlet:

verifyBasicAuthentication=true

For more information about using the Basic Authentication service, see the discussion of the BasicAuthenticationPipelineServlet in the Request Handling with Servlet Pipelines chapter of the Platform Programming Guide.

Auto-Login with Cookies

You can configure the Personalization module to use persistent cookies with its auto-login features. To configure the Personalization module to send auto-login cookies, set the following property in the /atg/userprofiling/CookieManager component:

sendProfileCookies=true

Note that if you use auto-login with cookies, the user can access a site without logging in until the cookie expires. However, if the user explicitly logs out, the Personalization module overwrites the persistent cookie with a temporary cookie, so that the user must explicitly log in the next time he or she accesses the site. (This gives users a way to keep unauthorized people from accessing their data.)

If you use auto-login with cookies, you should not also use auto-login with Basic Authentication. Disable the auto-login feature for Basic Authentication by setting the following property in the /atg/userprofiling/ProfileRequestServlet:

verifyBasicAuthentication=false

See Auto-Login with Basic Authentication for more information.

Auto-Login by Profile

You can set up your sites so that registered users can choose whether or not they want the sites to log them in automatically. After a user registers on one of your sites for the first time, his or her login information is stored in a user profile. You can provide a “Log me in automatically” option that users can choose on your Web sites. If they choose this option, set the autoLogin property of their user profile to true. (Note that autoLogin is the default name for this property; you can change it by setting the autoLoginPropertyName property of the /atg/userprofiling/PropertyManager component.)

Once users choose auto-login, every time they visit one of your Web sites, the Personalization module checks their user profile and, if the auto-login property is set to true, the PropertyManager component tells the ProfileRequestServlet to send out an auto-login cookie and allows the user to automatically access the sites. To use this form of auto-login, you must therefore also set the sendProfileCookies property of the CookieManager component to true. See Auto-Login with Cookies for more information.

Note that auto-login applies to all Web sites in a multisite environment. If a user is automatically logged in for one site in your system, he or she is logged into all sites.

Copyright © 1997, 2015 Oracle and/or its affiliates. All rights reserved. Legal Notices