Expand my Community achievements bar.

SOLVED

How to secure the s_cc & s_sq cookies

Avatar

Level 1
Level 1
10/15/15 7:26:57 PM

Is there a way to encrypt these two cookies using the standard secure flag?  What about httponly?

Views

4.4K

Replies

4
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Employee
Employee
10/15/15 7:26:57 PM

Hi Matt,

Just a follow up on this.  The s_cc and s_sq cookies are set and read within AppMeasurement code.  I don't believe there is anything that checks s_cc or s_sq on the server's end.  What this means is I don't think that you would be able to change how these cookies are set (httpOnly or secure) unless you are using your own s.trackingServer implementation and have a service to call on that domain that modifies these cookies.

Because they are read within the AppMeasurement javascript code, setting these to httpOnly would affect functionality and stats.

However, changing them to secure would probably not affect functionality or stats.

Thanks,

Ben

View solution in original post

Views

2.5K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
4 Replies

Avatar

Level 5
Level 5
10/15/15 7:26:57 PM

Hi

 

Please consider below mentioned step while working with cookies:

  • Limit the amount of sensitive information stored in the cookie.
  • Limit the subdomains and paths to prevent interception by another application.
  • Enforce SSL so the cookie isn’t sent in cleartext.
  • Make the cookie HttpOnly so its not accessible to javascript.

 

 

Regards

Devinder

Views

2.5K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 1
Level 1
10/15/15 7:26:57 PM

Hi Devinder,

 

If we set the secure flag and the httponly flag for the Site Catalyst cookies will it affect any functionality or stats?

Views

2.5K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Correct answer by
Employee
Employee
10/15/15 7:26:57 PM

Hi Matt,

Just a follow up on this.  The s_cc and s_sq cookies are set and read within AppMeasurement code.  I don't believe there is anything that checks s_cc or s_sq on the server's end.  What this means is I don't think that you would be able to change how these cookies are set (httpOnly or secure) unless you are using your own s.trackingServer implementation and have a service to call on that domain that modifies these cookies.

Because they are read within the AppMeasurement javascript code, setting these to httpOnly would affect functionality and stats.

However, changing them to secure would probably not affect functionality or stats.

Thanks,

Ben

Views

2.5K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 5
Level 5
10/15/15 7:26:57 PM

Hi

As soon as it went under secure gateway the cookies need to be rewrite with the same value or could use specific programming functions to sustain the preset values.

 

 

Regards

Devinder

Views

2.8K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
Dynamically calculate the average unique visitor for last 7 days of any selected date range. Solved

Views

301

Likes

0

Replies

12
is the Visit Number dimension based on Global report suite? Solved

Views

169

Likes

0

Replies

6
Proposals for Tracking Internal Campaigns for which the banner changes Dynamically on an eCommerce WebSite Solved

Views

165

Likes

0

Replies

4
Using Classifications API to upload file automatically

Views

78

Likes

0

Replies

2
I am trying to create a data warehouse request in Adobe Workspaceto put report in azure storage account, but the page keeps loading.

Views

125

Likes

0

Replies

2