Session synchronization is done by the CAE only. The commerce system does not know anything about the CAE. Although it is the CAE that executes the session synchronization, it is the WCS that is the leading system for doing so.
There are two states to look at, the org.springframework.security.core.context.SecurityContext
that reflects the authentication state remembered within the CAE and the authentication state within the
WCS.
Synchronization is done by the com.coremedia.livecontext.services.SessionSynchronizer
, which is
triggered by the com.coremedia.livecontext.handler.SessionSynchronizationInterceptor
, a Spring
HandlerInterceptor
that intercepts dynamic fragment requests. If the current user is
logged into the CAE but not into the WCS, the user will be logged out from the CAE. And if the user is not
logged into the CAE but into WCS, he will be logged into the CAE.