It is working as expected . it is not saving any data in profile for both logged in user and anonymous user as you disabled it .
Please explain what is the expected behavior .
Correct that is the expected behavior. The behavior that is in question is to why the cart is not being retrieved from the cookie when either the anonymous or logged in user returns back to the site. See my comments concerning the behavior with respect to the different browsers. It has also been reported by some of our testers to happen intermittently.
Any direction as to why this would occur or places to look at.
Before I made the change - there was no reported issues for anonymous users when their cart was saved to the cookie.
Here is what I have in the cookiemanger.properties
# @version $Id: //hosting-blueprint/B2CBlueprint/version/10.0.2/EStore/config/atg/userprofiling/CookieManager.properties#2 $$Change: 635969 $
# Enable sending of profile cookie
# Persist cookie for 15 days (60 * 60 * 24) * 15 = seconds
# Cookie hashkey
Do you have any logic to retrieve the order from cookie and saving it to profile during post login or session authentication .
We have some overridden methods for postLogin* but they all call upon super to do the majority of the work. The overridden methods are checking for some promos that might be left over on the user profile that need to be removed - nothing to big.
Are there other areas of the code that would cause this behavior - that is not pulling an abandoned cart from the cookie for either an anonymous or login user?
So I may have been some what confused on the expected behavior - so let me state my understanding and let me know if it is correct or not with regard to ATG, Cookies, Session, orders and normal browser behavior.
Use case 1: persist orders for logined in users
A logged in user will have their cart persisted to the database. So in the event the user does not complete an order, and either the session expires or closes the browser, when the user returns to the site the cart will be repopulated by the order id and profile id referenced in the cookie.
For anonymous users - no orders will be saved to the database (unless they are complete/submitted orders) So in the event the user does not complete an order, and either the session expires or closes the browser, when the user returns to the site the cart will be empty.
Closing a tab in a multiple tab browser session will not kill the session - therefore if an anonymous user reopens the tab before session expiration, the cart will still be populated as the order is saved in the session.
Use Case 2: Do not persist order for logged in users.
For logged in user - no orders will be saved to the database (unless they are complete/submitted orders). So in the event the user does not complete an order, and either the session expires or closes the browser, when the user returns to the site the cart will be empty.
No change between Use Case 1 and Use Case 2 for anonymous users.
The above understanding of yours is correct. In ATG OOB, it never stores any details related to order in a cookie. What it stores is just the profile id. If you want to enable a cookie based authentication or retrieves the order based on cookie, you have to persist the anonymous profiles and persist the orders for anonymous users as well.
When a session starts, ATG will check for profile cookie and load the order based on that. Note that the OOTB transient profile will not function correctly now, you need to trust the Profile.securityStatus property here; there is a designated value for cookie based authentication.