Secure Cookies? HttpOnly; secure
Hello,
our servers are prepared for transaction testing.
Now the IT department said we need to switch the cookie from Adobe Analytics/ Adobe Tag Manager to Secure.
It's about the following:
Set cookie: CookieName=value; path=/; HttpOnly; secure
Quelle:
https://en.wikipedia.org/wiki/Secure_cookie
https://wiki.selfhtml.org/wiki/Grundlagen/sichere_Cookies
How do I set the cookie to Secure?
Example
At Amazon, some cookies go as safe.
Solutions
Many thanks to everyone together,
One of them was to overwrite all cookies.
function setCookieSecure(name,value,days,domain) {
var expires = "";
if (days) {
var date = new Date();
date.setTime(date.getTime() + (days*24*60*60*1000));
expires = "; expires=" + date.toUTCString();
}
document.cookie = name + "=" + (value || "") + (expires || "") + "; path=/; domain=" + domain +"; secure";
}
var unsecureCookies = [
{
'matchNameRgxp' : new RegExp( '^AMCV_.*$' ),
'expire' : 731
},
{
'matchNameRgxp' : new RegExp( '^AMCVS_.*$' ),
'expire' : null
},
{
'matchNameRgxp' : new RegExp( '^tp$' ),
'expire' : null
},
{
'matchNameRgxp' : new RegExp( '^adb_mc$' ),
'expire' : null
},
];
if (document.cookie && document.cookie != '') {
var domain = window.location.hostname;
domain = domain.replace(/(www2|www)?/i, '');
var split = document.cookie.split(';');
for (var i = 0; i < split.length; i++) {
var name_value = split[i].split("=");
name_value[0] = name_value[0].replace(/^ /, '');
var cookieName = name_value[0];
var cookieValue = name_value[1];
for (var j = 0; j < unsecureCookies.length; j++) {
var unsecureCookie = unsecureCookies[j];
if( cookieName.match( unsecureCookie.matchNameRgxp ) ) {
setCookieSecure(cookieName, cookieValue, unsecureCookie.expire, domain);
}
}
}
}
The upper solution overwrites all cookies, from Adobe.
And a solution sent to me by the Adobe team.
Das sollte funktionieren.