Secure Cookies

nealed82886626 20-09-2019

Some of the cookies set by Adobe Experience Cloud solutions can be configured to set the 'secure' flag, e.g. the ECID tool.

However there are various other cookies where this cannot be configured.

To follow security best practices, sometimes security checks mandate that all cookies must be set with this flag.

The forums suggest a bit of a workaround to update some of the cookies after they have already been set here: https://forums.adobe.com/thread/2628171#11109759

It would be good if all cookies could be configured in the Launch UI to set cookies as secure (and also the 'httpOnly' flag where possible).

Some examples:

  • Cookies set by _satellite.cookie
  • Cookies set by getPreviousVal plugin (uses sc_cw function of s object)
  • Third party demdex cookies
  • s_ecid cookie - can this one be httpOnly and secure?
  • Cookies set by ActivityMap
Comment