Preventing some URL parameters from encryption in websphere commerce

There are some situations where you would want to prevent certain URL parameters to be encrypted by Websphere Commerce. For example, there was a situation I faced wherein the product detail page displayed the ratings and reviews (BazaarVoice integration). The requirement was that only registered users be able to write a review for a product. Hence, when a guest user clicked on "Write a review" from product detail page, there was a redirect to a secure login page (https). 

This was encrypting the URL parameters required by BazaarVoice into a "krypto" parameter. And when after login, the page redirects back to ProductDetail page, the BazaarVoice section on the page just wouldn't display.

To overcome this, certain parameters required by BazaarVoice had to be unencrypted and part of the URL parameter.

To achieve this, open the wc-server.xml file which is generally found at C:\WCToolkitEE60\xml\config where C:\WCToolkitEE60 is the websphere commerce toolkit installation path. Search for NonEncryptedParameters XML attribute in the file. In this section of the xml, we define all the parameters that should not be encrypted by WCS over a secure connection.

<NonEncryptedParameters>

    <Parameter display="true" name="user"/>
    <Parameter display="true" name="bvpage"/>
    <Parameter display="true" name="return"/>

</NonEncryptedParameters>

Having this will ensure that WCS doesn't encrypt the listed parameters. All the NonEncryptedParameters are appended to the beginning of the URL.