Adobe Analytics Encode Cookies

Avatar

Avatar

bagust36801814

Avatar

bagust36801814

bagust36801814

07-12-2017

Problem

Our corporate client just recently added Adobe Analytics through Adobe Marketing Cloud to track their website performance.

The problem is, the required javascript include add several cookie that prints (almost) plain url into the cookie. This triggers several rules in our Web Application Firewall (WAF) that end up making the site unusable. Example Cookie:

Where s_ppv is the cookie name. Notice the double dash in red between the word ads and grabbing. That item triggers our WAF as it commonly used SQL Injection attack.

Suggested Solution

Encode the cookie values into base64 or somekind encoding that only allows alphanumeric character without allowing any special character. It would provide better compatibility on some CDN and WAF.

Note:

Please correct me if i am wrong.

Thank you.

1 Comment (1 New)
1 Comment

Avatar

Avatar

Gigazelle

Employee

Total Posts

1.9K

Likes

459

Correct Answer

734

Avatar

Gigazelle

Employee

Total Posts

1.9K

Likes

459

Correct Answer

734
Gigazelle
Employee

08-12-2017

Thanks so much for your feedback! This is actually something you should be able to directly control.

The s_ppv cookie is directly related to the getPercentPageViewed plugin, meaning it is not part of a standard Adobe Analytics implementation. If this plugin is not meeting your needs, you are welcome to either alter the JavaScript so it omits the double dashes, or you may remove the plugin altogether so the s_ppv cookie is not set.

Since this is an enhancement that relates more to JavaScript that it does Adobe Analytics, I'm going to go ahead and set the status to archived. Comments to continue the discussion are more than welcome though!