Log a registered user on to a store or site.
Use this command with SSL (Secure Sockets Layer) to ensure that the customer's logon password and personal information are encrypted. To do so type the command with the HTTPS secure protocol.
Command structure
- http://host_name/path/
- The fully qualified name of your WebSphere Commerce Server and the configuration path
Parameter values
- langId
- Sets or resets the preferred language for the duration of the session; the supported languages for a store are found in the STORELANG table
- URL
- The URL to be called when the command completes successfully
- storeId
- The reference number of the store the user is logging on to
- logonId
- The registered user's logon ID
- logonPassword
- The registered user's password
- reLogonURL
- The URL that is called if the command fails to complete
Example 1
The following example logs the customer with the logon ID henry and the password hsmith on to the store with reference number 4, and then displays the store home page.
https://myhostname/webapp/wcs/stores/servlet/Logon?logonId=henry &logonPassword=hsmith&URL=http://grocery/home.htm&storeId=4 &reLogonURL=/webapp/wcs/stores/servlet/LogonForm
Example 2
This example logs a registered user on to the system. Redirection takes place to a JSP.
https://myhostname/webapp/wcs/stores/servlet/Logon?storeId=31&logonId=msur1&logonPassword=msur1 &reLogonURL=LogonForm&URL=FVTestSite.jsp
Behavior
- Calls the VerifyCredentialsCmd task command, which calls one of the following tasks:
- DBAuthenticationCmd (This task always needs to be defined and we do provide a default implementation)
- LDAPAuthenticationCmd
- ThirdPartyAuthenticationCmd
This ensures that the customer's logon ID and password are correct.
- Calls the following tasks:
- AccountLockoutPolicyCmd
- AuthenticationPolicyCmd
- MigrateUserEntriesCmd (This task always needs to be defined and we do provide a default implementation)
- If any of the ancestral organizations to which a customer or administrative user for a store belong are locked, they will not be able to log on to the store.
- If a user does not play a role in a store's organization or any of its ancestral organizations, WebSphere Commerce does not allow the user to logon to the store.
- With the Logon command, users logon on a per-store basis, and not a per-site basis.
- If a users's registration approval status is pending approval, WebSphere Commerce does not allow that user to logon to the store.
Note: WebSphere Commerce does not support the concurrent login of two or more users that log in using the same user ID. For example, consider the scenario where two users at a company regularly share an account at a store. Suppose the first user is on the store's payment page, and just before submitting his or her order, the second user logs in. The following is what will take place:
- Browser one ... User 1 logs in as user "xyz"; adds an item to the shopping cart.
- Browser two ... User 2 logs in as user "xyz" as well, and goes to the shopping cart page and then proceeds to checkout.
- Browser one ... User 1 clicks on checkout, but is informed that he or she has been logged off.
- Browser two ... User 2 completes the checkout, as normal.
Another scenario is when businesses use a common user ID for their employees to shop at a B2B store. Either only one user should use the common user ID at a given time, or each user should be setup with their own user ID, or else one of the users will likely not complete their transactions.
Exception Conditions
The error handler, ECConstants.EC_ERROR_CODE, captures the error code, which may be one of the following.
Explanation | Error Code Value |
---|---|
Missing logon ID | ECSecurityConstants.ERR_MISSING_LOGONID |
Invalid logon ID | ECSecurityConstants.ERR_INVALID_LOGONID |
Missing password | ECSecurityConstants.ERR_MISSING_PASSWORD |
Invalid password | ECSecurityConstants.ERR_INVALID_PASSWORD |
Account has been disabled | ECSecurityConstants.ERR_DISABLED_ACCOUNT |
Password is too long or too short | ECSecurityConstants.ERR_LENGTH_PASSWORD |
Logon attempt took place too soon after previous failed attempt. | ECSecurityConstants.ERR_LOGON_NOT_ALLOWED
|
One of your ancentral organizations has been locked. | ECSecurityConstants.ERR_PARENT_ORG_LOCKED
|
You do not play a role in the store's organization or any of its ancestors. | ECSecurityConstants.ERR_NOT_REGISTERED_CUSTOMER
|
Your status is in pending approval state. You are not allowed to logon unless in approved stated. | ECSecurityConstants.ERR_USER_IN_PENDING_APPROVAL
|