Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

Adobe Analytics Encode Cookies

Avatar

Avatar
Level 1
bagust36801814
Level 1

Likes

0 likes

Total Posts

1 post

Correct reply

0 solutions
View profile

Avatar
Level 1
bagust36801814
Level 1

Likes

0 likes

Total Posts

1 post

Correct reply

0 solutions
View profile
bagust36801814
Level 1

07-12-2017

Problem

Our corporate client just recently added Adobe Analytics through Adobe Marketing Cloud to track their website performance.

The problem is, the required javascript include add several cookie that prints (almost) plain url into the cookie. This triggers several rules in our Web Application Firewall (WAF) that end up making the site unusable. Example Cookie:

Where s_ppv is the cookie name. Notice the double dash in red between the word ads and grabbing. That item triggers our WAF as it commonly used SQL Injection attack.

Suggested Solution

Encode the cookie values into base64 or somekind encoding that only allows alphanumeric character without allowing any special character. It would provide better compatibility on some CDN and WAF.

Note:

Please correct me if i am wrong.

Thank you.

1 Comment

Avatar

Avatar
Affirm 500
Employee
Gigazelle
Employee

Likes

479 likes

Total Posts

1,949 posts

Correct reply

740 solutions
Top badges earned
Affirm 500
Applaud 500
Give Back 1000
Ignite 90
Coach
View profile

Avatar
Affirm 500
Employee
Gigazelle
Employee

Likes

479 likes

Total Posts

1,949 posts

Correct reply

740 solutions
Top badges earned
Affirm 500
Applaud 500
Give Back 1000
Ignite 90
Coach
View profile
Gigazelle
Employee

08-12-2017

Thanks so much for your feedback! This is actually something you should be able to directly control.

The s_ppv cookie is directly related to the getPercentPageViewed plugin, meaning it is not part of a standard Adobe Analytics implementation. If this plugin is not meeting your needs, you are welcome to either alter the JavaScript so it omits the double dashes, or you may remove the plugin altogether so the s_ppv cookie is not set.

Since this is an enhancement that relates more to JavaScript that it does Adobe Analytics, I'm going to go ahead and set the status to archived. Comments to continue the discussion are more than welcome though!