Cookie Management
Recent updates to web browser cookie policies require you to adjust your SEI web server configuration. These changes are necessary to support secure embedding (such as within your ERP website), single sign-on (SSO), and modern cross-site cookie standards.
To apply these settings, open the web.config file in your installation directory. The default path depends on your product:
- For Nectari:
C:\Program Files\Nectari\Nectari Server\WebServer\web.config - For SEI:
C:\Program Files\SEI\SEI Server\WebServer\web.config
Update cookie attributes
To support secure cookie handling and modern browser standards, make the following changes in your web.config file:
- Open
web.config. - Update the
<sessionState>element. - Update the
<httpCookies>element. - Save your changes and restart the web server if required.
Change the cookieSameSite setting
Browsers now require SameSite=None for authentication cookies when applications are embedded in iframes or accessed across domains. This setting ensures SEI works when embedded in other sites or used with SSO.
Replace:
<sessionState cookieSameSite="Lax"/>
With:
<sessionState cookieSameSite="None"/>
Update httpCookies to require SSL and modern same-site behavior
Setting requireSSL="true" ensures cookies are transmitted only over HTTPS. Setting sameSite="None" explicitly enables cookies to be sent in cross-site scenarios, such as embedding and SSO.
Replace:
<httpCookies httpOnlyCookies="true" requireSSL="false" sameSite="Lax"/>
With:
<httpCookies httpOnlyCookies="true" requireSSL="true" sameSite="None"/>
Embed SEI in your ERP
When embedding SEI using an <iframe> in your ERP, always use HTTPS for both the ERP and SEI. Ensure all domains are properly configured, and that the updated web.config values are applied.
Example
- ERP host:
https://exampleerp.demo.com - SEI embedding:
https://yourserver:81
For Chromium-based browsers, HTTPS is required on both your ERP and SEI web servers.