Cookie Management
Recent updates to web browser cookie policies require you to adjust your SEI web server configuration. These changes are necessary for support of secure embedding (such as within your ERP website), Single Sign-On (SSO), and modern standards for cross-site and secure cookies.
To apply these settings, open the web.config file located in your installation directory. The default path depends on your product name:
- For Nectari:
C:\Program Files\Nectari\Nectari Server\WebServer\web.config - For SEI:
C:\Program Files\SEI\SEI Server\WebServer\web.config
Update cookie attributes
To support secure cookie handling and modern browser standards, make the following changes in your web.config file:
- Open
web.config. - Update the
<sessionState>attribute. - Update the
<httpCookies>attribute. - Save your changes and restart the web server if required.
Change the cookieSameSite setting
Browsers now require SameSite=None to allow authentication cookies for applications embedded in iframes, or accessed across domains. This setting ensures SEI works when embedded in other sites or used with SSO.
Replace:
<sessionState cookieSameSite="Lax"/>
With:
<sessionState cookieSameSite="None"/>
Update httpCookies to require SSL and modern same-site behavior
Enforcing requireSSL="true" ensures cookies are transmitted only over HTTPS. Setting sameSite="None" explicitly enables cookies to be sent in cross-site scenarios, such as embedding and SSO.
Replace:
<httpCookies httpOnlyCookies="true" requireSSL="false" sameSite="Lax"/>
With:
<httpCookies httpOnlyCookies="true" requireSSL="true" sameSite="None"/>
Embed SEI in your ERP
When embedding SEI using an <iframe> in your ERP, always use HTTPS for both the ERP site and SEI. Ensure domains are properly configured, and that the new web.config values are in place.
Example
- ERP host:
https://exampleerp.demo.com - SEI embedding:
https://yourserver:81
For Chromium-based browsers, HTTPS is required for both your ERP and SEI web servers.