Expand my Community achievements bar.

Secure Cookies

Avatar

nealed82886626
Level 2

9/20/19

Some of the cookies set by Adobe Experience Cloud solutions can be configured to set the 'secure' flag, e.g. the ECID tool.

However there are various other cookies where this cannot be configured.

To follow security best practices, sometimes security checks mandate that all cookies must be set with this flag.

The forums suggest a bit of a workaround to update some of the cookies after they have already been set here: https://forums.adobe.com/thread/2628171#11109759

It would be good if all cookies could be configured in the Launch UI to set cookies as secure (and also the 'httpOnly' flag where possible).

Some examples:

  • Cookies set by _satellite.cookie
  • Cookies set by getPreviousVal plugin (uses sc_cw function of s object)
  • Third party demdex cookies
  • s_ecid cookie - can this one be httpOnly and secure?
  • Cookies set by ActivityMap
Reply
Related Conversations
Adobe Data Warehouse FTP "User Credential Security" and "Fixed Location Dropdown + Secure File Sharing ONLY Option"

Views

275

Like

1

Replies

0
Enhanced Security - just in time user provisioning access to Adobe tools

Views

453

Likes

0

Replies

0
Add variable to indicate whether third-party cookies are enabled

Views

604

Likes

3

Replies

2
Adobe Analytics Encode Cookies

Views

1.8K

Likes

0

Replies

1
Try in workspace - Security Issue

Views

2.3K

Like

1

Replies

3