<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Enable secure cookies in AEM Cloud in Adobe Experience Manager Questions</title>
    <link>https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/enable-secure-cookies-in-aem-cloud/m-p/416255#M1651</link>
    <description>&lt;P&gt;Hi&amp;nbsp;&lt;LI-USER uid="9611443"&gt;&lt;/LI-USER&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;You can set header at the dispatcher v-host as well to set the cookie as secure.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;PRE&gt;Header edit Set-Cookie ^(.*)$ $1&lt;SPAN&gt;;Secure;SameSite=Strict&lt;/SPAN&gt;&lt;/PRE&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Thanks!&amp;nbsp;&lt;/P&gt;</description>
    <pubDate>Fri, 16 Jul 2021 17:25:55 GMT</pubDate>
    <dc:creator>Asutosh_Jena_</dc:creator>
    <dc:date>2021-07-16T17:25:55Z</dc:date>
    <item>
      <title>Enable secure cookies in AEM Cloud</title>
      <link>https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/enable-secure-cookies-in-aem-cloud/m-p/416246#M1650</link>
      <description>&lt;P&gt;Hi,&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;What would be the right approach to enable secure cookies in AEM Cloud? I've been trying by adding&amp;nbsp;org.apache.felix.http.cfg.json with the values below, but that doesn't seem to work.&amp;nbsp;&lt;/P&gt;&lt;DIV&gt;&amp;nbsp;&lt;/DIV&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;LI-CODE lang="javascript"&gt;{
    "org.apache.felix.https.jetty.session.cookie.secure": "true",
    "org.apache.felix.proxy.load.balancer.connection.enable": "true"
}&lt;/LI-CODE&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;The cookie I'm looking at specifically is the &lt;STRONG&gt;affinity&lt;/STRONG&gt; cookie.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Thanks!&lt;/P&gt;</description>
      <pubDate>Fri, 16 Jul 2021 15:32:47 GMT</pubDate>
      <guid>https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/enable-secure-cookies-in-aem-cloud/m-p/416246#M1650</guid>
      <dc:creator>danielkg</dc:creator>
      <dc:date>2021-07-16T15:32:47Z</dc:date>
    </item>
    <item>
      <title>Re: Enable secure cookies in AEM Cloud</title>
      <link>https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/enable-secure-cookies-in-aem-cloud/m-p/416255#M1651</link>
      <description>&lt;P&gt;Hi&amp;nbsp;&lt;LI-USER uid="9611443"&gt;&lt;/LI-USER&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;You can set header at the dispatcher v-host as well to set the cookie as secure.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;PRE&gt;Header edit Set-Cookie ^(.*)$ $1&lt;SPAN&gt;;Secure;SameSite=Strict&lt;/SPAN&gt;&lt;/PRE&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Thanks!&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Fri, 16 Jul 2021 17:25:55 GMT</pubDate>
      <guid>https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/enable-secure-cookies-in-aem-cloud/m-p/416255#M1651</guid>
      <dc:creator>Asutosh_Jena_</dc:creator>
      <dc:date>2021-07-16T17:25:55Z</dc:date>
    </item>
    <item>
      <title>Re: Enable secure cookies in AEM Cloud</title>
      <link>https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/enable-secure-cookies-in-aem-cloud/m-p/416526#M1652</link>
      <description>Thanks for the help, I tried this approach and the Set Cookie header is not being overridden by that rule in my case. Is there a specific location in the vhost file where this should be placed? I'm adding it under &amp;lt;VirtualHost *:80&amp;gt;&amp;lt;Directory /&amp;gt;, and have also tried under &amp;lt;IfModule mod_headers.c&amp;gt; but it doesn't seem to work.</description>
      <pubDate>Tue, 20 Jul 2021 13:47:55 GMT</pubDate>
      <guid>https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/enable-secure-cookies-in-aem-cloud/m-p/416526#M1652</guid>
      <dc:creator>danielkg</dc:creator>
      <dc:date>2021-07-20T13:47:55Z</dc:date>
    </item>
    <item>
      <title>Re: Enable secure cookies in AEM Cloud</title>
      <link>https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/enable-secure-cookies-in-aem-cloud/m-p/539562#M134029</link>
      <description>&lt;P style="font-weight: 400;"&gt;The official Adobe communication is as follows:&lt;/P&gt;
&lt;P style="font-weight: 400;"&gt;&amp;nbsp;&lt;/P&gt;
&lt;BLOCKQUOTE&gt;
&lt;P style="font-weight: 400;"&gt;The affinity cookie is set by envoy to allocate the client a pointer into the ringhash that ensures their requests go back to the same pod where they pod exists. The cookie is a session cookie and must not have Max Age or Expires set which would make the cookie Persistent (see [1]) It is HttpOnly already. We only serve traffic over https so it is secure by default. The value of the cookie has not intrinsic value and does not give the client any insight into which hardware they are targeting as the RingHash[2] algorithm does not allow a client to manipulate the cookie to target specific pods. The algorithm only allows the client, on presentation of the value, to target the same pod. Possession of the cookie value has the same value as getting hold of a random number that has no meaning.&lt;/P&gt;
&lt;P style="font-weight: 400;"&gt;&amp;nbsp;&lt;/P&gt;
&lt;P style="font-weight: 400;"&gt;1 &lt;A href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#define_the_lifetime_of_a_cookie" target="_blank"&gt;https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#define_the_lifetime_of_a_cookie&lt;/A&gt;&lt;/P&gt;
&lt;P style="font-weight: 400;"&gt;&amp;nbsp;&lt;/P&gt;
&lt;P style="font-weight: 400;"&gt;2 &lt;A href="https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#ring-hash" target="_blank"&gt;https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#ring-hash&lt;/A&gt;&lt;/P&gt;
&lt;P style="font-weight: 400;"&gt;&amp;nbsp;&lt;/P&gt;
&lt;BR /&gt;&lt;HR /&gt;&lt;/BLOCKQUOTE&gt;
&lt;P style="font-weight: 400;"&gt;Possibly the customers do not have any control on the setup here..&lt;BR /&gt;&lt;BR /&gt;&lt;/P&gt;</description>
      <pubDate>Fri, 05 Aug 2022 12:51:26 GMT</pubDate>
      <guid>https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/enable-secure-cookies-in-aem-cloud/m-p/539562#M134029</guid>
      <dc:creator>Adam100</dc:creator>
      <dc:date>2022-08-05T12:51:26Z</dc:date>
    </item>
  </channel>
</rss>

