Secure Cookies? HttpOnly; secure

Avatar

Avatar
Validate 10
Level 2
vitalin58577727
Level 2

Likes

15 likes

Total Posts

69 posts

Correct reply

3 solutions
Top badges earned
Validate 10
Validate 1
Boost 5
Boost 3
Boost 10
View profile

Avatar
Validate 10
Level 2
vitalin58577727
Level 2

Likes

15 likes

Total Posts

69 posts

Correct reply

3 solutions
Top badges earned
Validate 10
Validate 1
Boost 5
Boost 3
Boost 10
View profile
vitalin58577727
Level 2

06-06-2019

Hello,

our servers are prepared for transaction testing.

Now the IT department said we need to switch the cookie from Adobe Analytics/ Adobe Tag Manager to Secure.

It's about the following:

Set cookie: CookieName=value; path=/; HttpOnly; secure

Quelle:

https://en.wikipedia.org/wiki/Secure_cookie

https://wiki.selfhtml.org/wiki/Grundlagen/sichere_Cookies

How do I set the cookie to Secure? secure-cookies.JPG

Example

At Amazon, some cookies go as safe.

amazon-secure-cookies.JPG

Accepted Solutions (1)

Accepted Solutions (1)

Avatar

Avatar
Validate 10
Level 2
vitalin58577727
Level 2

Likes

15 likes

Total Posts

69 posts

Correct reply

3 solutions
Top badges earned
Validate 10
Validate 1
Boost 5
Boost 3
Boost 10
View profile

Avatar
Validate 10
Level 2
vitalin58577727
Level 2

Likes

15 likes

Total Posts

69 posts

Correct reply

3 solutions
Top badges earned
Validate 10
Validate 1
Boost 5
Boost 3
Boost 10
View profile
vitalin58577727
Level 2

16-06-2019

Solutions

Many thanks to everyone together,

One of them was to overwrite all cookies.

function setCookieSecure(name,value,days,domain) {

var expires = "";

if (days) {

var date = new Date();

date.setTime(date.getTime() + (days*24*60*60*1000));

expires = "; expires=" + date.toUTCString();

}

document.cookie = name + "=" + (value || "")  + (expires || "") + "; path=/; domain=" + domain +"; secure";

}

var unsecureCookies = [

{

'matchNameRgxp' : new RegExp( '^AMCV_.*$' ),

'expire' : 731

},

{

'matchNameRgxp' : new RegExp( '^AMCVS_.*$' ),

'expire' : null

},

{

'matchNameRgxp' : new RegExp( '^tp$' ),

'expire' : null

},

{

'matchNameRgxp' : new RegExp( '^adb_mc$' ),

'expire' : null

},

];

if (document.cookie && document.cookie != '') {

var domain = window.location.hostname;

domain = domain.replace(/(www2|www)?/i, '');

var split = document.cookie.split(';');

for (var i = 0; i < split.length; i++) {

var name_value = split[i].split("=");

name_value[0] = name_value[0].replace(/^ /, '');

var cookieName = name_value[0];

var cookieValue = name_value[1];

for (var j = 0; j < unsecureCookies.length; j++) {

var unsecureCookie = unsecureCookies[j];

if( cookieName.match( unsecureCookie.matchNameRgxp ) ) {

setCookieSecure(cookieName, cookieValue, unsecureCookie.expire, domain);

}

}

}

}

The upper solution overwrites all cookies, from Adobe.

And a solution sent to me by the Adobe team.

secureCookies.JPG

Das sollte funktionieren.

Answers (6)

Answers (6)

Avatar

Avatar
Coach
Employee
Gigazelle
Employee

Likes

473 likes

Total Posts

1,947 posts

Correct reply

740 solutions
Top badges earned
Coach
Contributor 2
Validate 1
Ignite 80
Ignite 70
View profile

Avatar
Coach
Employee
Gigazelle
Employee

Likes

473 likes

Total Posts

1,947 posts

Correct reply

740 solutions
Top badges earned
Coach
Contributor 2
Validate 1
Ignite 80
Ignite 70
View profile
Gigazelle
Employee

29-04-2020

A recent update to AppMeasurement now allows this attribute natively. Check out the writeSecureCookies variable:

https://docs.adobe.com/content/help/en/analytics/implementation/vars/config-vars/writesecurecookies....

Avatar

Avatar
Applaud 500
MVP
Asheesh_P
MVP

Likes

130 likes

Total Posts

334 posts

Correct reply

145 solutions
Top badges earned
Applaud 500
Affirm 100
Contributor
Boost 100
Give Back 10
View profile

Avatar
Applaud 500
MVP
Asheesh_P
MVP

Likes

130 likes

Total Posts

334 posts

Correct reply

145 solutions
Top badges earned
Applaud 500
Affirm 100
Contributor
Boost 100
Give Back 10
View profile
Asheesh_P
MVP

12-06-2019

looks good to me ..thanks! once done check cookie in application tab to find it is being set as secure now.

Avatar

Avatar
Validate 10
Level 2
vitalin58577727
Level 2

Likes

15 likes

Total Posts

69 posts

Correct reply

3 solutions
Top badges earned
Validate 10
Validate 1
Boost 5
Boost 3
Boost 10
View profile

Avatar
Validate 10
Level 2
vitalin58577727
Level 2

Likes

15 likes

Total Posts

69 posts

Correct reply

3 solutions
Top badges earned
Validate 10
Validate 1
Boost 5
Boost 3
Boost 10
View profile
vitalin58577727
Level 2

12-06-2019

I have now integrated the function as follows.

Did someone look over it and say if that's OK?

cookie-secure-adobe.JPG

Thank you in advance

Avatar

Avatar
Applaud 500
MVP
Asheesh_P
MVP

Likes

130 likes

Total Posts

334 posts

Correct reply

145 solutions
Top badges earned
Applaud 500
Affirm 100
Contributor
Boost 100
Give Back 10
View profile

Avatar
Applaud 500
MVP
Asheesh_P
MVP

Likes

130 likes

Total Posts

334 posts

Correct reply

145 solutions
Top badges earned
Applaud 500
Affirm 100
Contributor
Boost 100
Give Back 10
View profile
Asheesh_P
MVP

07-06-2019

That's correct you need to implement suggested code in this section, You can find your org id in experience cloud landing page. Find your ord ID

Avatar

Avatar
Validate 10
Level 2
vitalin58577727
Level 2

Likes

15 likes

Total Posts

69 posts

Correct reply

3 solutions
Top badges earned
Validate 10
Validate 1
Boost 5
Boost 3
Boost 10
View profile

Avatar
Validate 10
Level 2
vitalin58577727
Level 2

Likes

15 likes

Total Posts

69 posts

Correct reply

3 solutions
Top badges earned
Validate 10
Validate 1
Boost 5
Boost 3
Boost 10
View profile
vitalin58577727
Level 2

06-06-2019

Hello community,

I received the following answer from Adobe Team.

I would like to implement the code, but unfortunately I don't know where the Marketing ID is?

adobe-marketing-id.JPG

Is this the Marketing Cloud ID?

And where do I have to implement the code?

var visitor = Visitor.getInstance("2924444444444444444444@AdobeOrg",{

        //Set secure cookie property

        secureCookie: true

});

Do I have to implement the code here?

Adobe-appMeasurement-funktion.JPG

Thank you in advance

Vitali

Avatar

Avatar
Applaud 500
MVP
Asheesh_P
MVP

Likes

130 likes

Total Posts

334 posts

Correct reply

145 solutions
Top badges earned
Applaud 500
Affirm 100
Contributor
Boost 100
Give Back 10
View profile

Avatar
Applaud 500
MVP
Asheesh_P
MVP

Likes

130 likes

Total Posts

334 posts

Correct reply

145 solutions
Top badges earned
Applaud 500
Affirm 100
Contributor
Boost 100
Give Back 10
View profile
Asheesh_P
MVP

06-06-2019

Hey Vitalin,

This s_sq cookie is for activity map (the previous link clicked) and s_cc is to read by the JavaScript code to determine if cookies are enabled.

Here is more info - Analytics Cookies

Thanks,

Asheesh