Skip to main content

Cookie Management

Modern web browser cookie policies require updating your SEI web server configuration. These adjustments ensure proper support for secure embedding (such as within your ERP website), single sign‑on (SSO), and current cross‑site cookie standards.

To apply these settings, open the web.config file located in your installation directory. The default path varies by product:

ProductPath
NectariC:\Program Files\Nectari\Nectari Server\WebServer\web.config
SEIC:\Program Files\SEI\SEI Server\WebServer\web.config

To ensure secure cookie handling and compliance with modern browser requirements, update the following elements in your web.config file:

  1. Open web.config.
  2. Update the <sessionState> element.
  3. Update the <httpCookies> element.
  4. Save your changes and restart SEI if required.

Change the cookieSameSite setting

Browsers now require SameSite=None for authentication cookies when applications are embedded in iframes or accessed across domains. This setting ensures SEI functions correctly when embedded in other sites or used with SSO.

Previous setting:

<sessionState cookieSameSite="Lax"/>

Required setting for cross‑site authentication:

<sessionState cookieSameSite="None"/>

Update httpCookies for SSL and modern SameSite requirements

To comply with current browser security standards, update the httpCookies element to enforce HTTPS and allow cookies to function correctly in cross‑site scenarios (such as embedding and SSO). Setting requireSSL="true" ensures cookies are sent only over HTTPS. Setting sameSite="None" explicitly allows cookies to be transmitted across domains, which is required for iframe embedding and SSO workflows.

Previous configuration:

<httpCookies httpOnlyCookies="true" requireSSL="false" sameSite="Lax"/>

Updated configuration required for secure cross‑site behavior:

<httpCookies httpOnlyCookies="true" requireSSL="true" sameSite="None"/>

Embed SEI in your ERP

When embedding SEI inside your ERP using an <iframe>, both systems must be served over HTTPS. Verify that:

  • All domains involved use valid SSL certificates
  • The updated web.config cookie settings are applied
  • The ERP and SEI are accessible over secure connections

Example

When embedding SEI inside your ERP, both systems must be served over HTTPS and configured to allow cross‑site authentication.

  • ERP website (iframe host): https://exampleerp.demo.com
  • SEI iframe source: https://yourserver:81

important

Chromium‑based browsers require HTTPS on both the ERP and SEI for embedded authentication to work correctly.