How to secure the s_cc & s_sq cookies | Community
Skip to main content
M
matt_kupstas
October 16, 2015
Solved

How to secure the s_cc & s_sq cookies

  • October 16, 2015
  • 4 replies
  • 5152 views

Is there a way to encrypt these two cookies using the standard secure flag?  What about httponly?

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by bbythewa

Hi Matt,

Just a follow up on this.  The s_cc and s_sq cookies are set and read within AppMeasurement code.  I don't believe there is anything that checks s_cc or s_sq on the server's end.  What this means is I don't think that you would be able to change how these cookies are set (httpOnly or secure) unless you are using your own s.trackingServer implementation and have a service to call on that domain that modifies these cookies.

Because they are read within the AppMeasurement javascript code, setting these to httpOnly would affect functionality and stats.

However, changing them to secure would probably not affect functionality or stats.

Thanks,

Ben

4 replies

devinderbanga
devinderbanga
Level 6
October 16, 2015

Hi

 

Please consider below mentioned step while working with cookies:

  • Limit the amount of sensitive information stored in the cookie.
  • Limit the subdomains and paths to prevent interception by another application.
  • Enforce SSL so the cookie isn’t sent in cleartext.
  • Make the cookie HttpOnly so its not accessible to javascript.

 

 

Regards

Devinder

M
matt_kupstasAuthor
October 16, 2015

Hi Devinder,

 

If we set the secure flag and the httponly flag for the Site Catalyst cookies will it affect any functionality or stats?

B
Adobe Employee
bbythewaAdobe EmployeeAccepted solution
Adobe Employee
October 16, 2015

Hi Matt,

Just a follow up on this.  The s_cc and s_sq cookies are set and read within AppMeasurement code.  I don't believe there is anything that checks s_cc or s_sq on the server's end.  What this means is I don't think that you would be able to change how these cookies are set (httpOnly or secure) unless you are using your own s.trackingServer implementation and have a service to call on that domain that modifies these cookies.

Because they are read within the AppMeasurement javascript code, setting these to httpOnly would affect functionality and stats.

However, changing them to secure would probably not affect functionality or stats.

Thanks,

Ben

devinderbanga
devinderbanga
Level 6
October 16, 2015

Hi

As soon as it went under secure gateway the cookies need to be rewrite with the same value or could use specific programming functions to sustain the preset values.

 

 

Regards

Devinder

Terms & ConditionsAccessibility statement

Loading footer...