Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn More

View all

Sign in to view all badges

Secure Cookies

Avatar

Avatar
Boost 5
Level 2
nealed82886626
Level 2

Likes

5 likes

Total Posts

1 post

Correct Reply

0 solutions
Top badges earned
Boost 5
Boost 3
Boost 1
View profile

Avatar
Boost 5
Level 2
nealed82886626
Level 2

Likes

5 likes

Total Posts

1 post

Correct Reply

0 solutions
Top badges earned
Boost 5
Boost 3
Boost 1
View profile
nealed82886626
Level 2

20-09-2019

Some of the cookies set by Adobe Experience Cloud solutions can be configured to set the 'secure' flag, e.g. the ECID tool.

However there are various other cookies where this cannot be configured.

To follow security best practices, sometimes security checks mandate that all cookies must be set with this flag.

The forums suggest a bit of a workaround to update some of the cookies after they have already been set here: https://forums.adobe.com/thread/2628171#11109759

It would be good if all cookies could be configured in the Launch UI to set cookies as secure (and also the 'httpOnly' flag where possible).

Some examples:

  • Cookies set by _satellite.cookie
  • Cookies set by getPreviousVal plugin (uses sc_cw function of s object)
  • Third party demdex cookies
  • s_ecid cookie - can this one be httpOnly and secure?
  • Cookies set by ActivityMap