Adding secure attribute to cookie | Community
Skip to main content
S
Shaheena_Sheikh
Level 6
February 23, 2021
Solved

Adding secure attribute to cookie

  • February 23, 2021
  • 3 replies
  • 1840 views

Hi All,

I am trying to figure out how can I make my existing cookies secure by adding secure attribute (PS. I am newbie to cookies).

 

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by raj_mandalapu

@shaheena_sheikh ,if you don't make your cookie secure, then the cookie can be transmitted over the HTTP connection. so if you use HTTPS also, it is good practice to make your cookie secure.

Check below code 

Cookie emailCookie = new Cookie("email", email);
emailCookie.setPath("/");
emailCookie.setMaxAge(31536000);
emailCookie.setPath(";Path=/;HttpOnly;");;
emailCookie.setSecure(true);
response.addCookie(emailCookie);

 

The cookies which you create using javascript also should make secure. 

3 replies

Vaibhavi_J
Vaibhavi_J
Level 7
February 23, 2021

Hi @shaheena_sheikh , 

 

Is your pages are rendered over https protocal?? If so OOTB will add secure flags on all cookies. You can additionally achieve this through api as well . 

Check out the below thread for similar query 

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/aem-session-cookie-with-httponly-and-secure-flag/qaq-p/206712

    S
    Shaheena_SheikhAuthor
    Level 6
    February 23, 2021
    My page is loading on HTTPS but yet I can see a few cookies not being HttpOnly/Secure
    Anudeep_Garnepudi
    Community Advisor
    Anudeep_GarnepudiCommunity Advisor
    Community Advisor
    February 23, 2021

    @shaheena_sheikh 

    You can set HttpOnly and Secure flags to cookie. Check the below Cookie API documentation. Use setSecure(boolean flag) and setHttpOnly(boolean isHttpOnly).

    https://docs.oracle.com/javaee/6/api/javax/servlet/http/Cookie.html

     

    AG
      raj_mandalapu
      raj_mandalapuAccepted solution
      Level 7
      February 23, 2021

      @shaheena_sheikh ,if you don't make your cookie secure, then the cookie can be transmitted over the HTTP connection. so if you use HTTPS also, it is good practice to make your cookie secure.

      Check below code 

      Cookie emailCookie = new Cookie("email", email);
      emailCookie.setPath("/");
      emailCookie.setMaxAge(31536000);
      emailCookie.setPath(";Path=/;HttpOnly;");;
      emailCookie.setSecure(true);
      response.addCookie(emailCookie);

       

      The cookies which you create using javascript also should make secure. 

        Terms & ConditionsAccessibility statement

        Loading footer...