Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
Read More & Register today!
SOLVED

Adding secure attribute to cookie

Avatar

Level 6
Level 6
2/23/21 12:19:27 AM

Hi All,

I am trying to figure out how can I make my existing cookies secure by adding secure attribute (PS. I am newbie to cookies).

 

Views

1.3K

Replies

4
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Level 8
Level 8
2/23/21 2:59:24 AM

@Shaheena_Sheikh ,if you don't make your cookie secure, then the cookie can be transmitted over the HTTP connection. so if you use HTTPS also, it is good practice to make your cookie secure.

Check below code 

Cookie emailCookie = new Cookie("email", email);
emailCookie.setPath("/");
emailCookie.setMaxAge(31536000);
emailCookie.setPath(";Path=/;HttpOnly;");;
emailCookie.setSecure(true);
response.addCookie(emailCookie);

 

The cookies which you create using javascript also should make secure. 

View solution in original post

Views

1.2K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
4 Replies

Avatar

Community Advisor
Community Advisor
2/23/21 12:27:52 AM

Hi @Shaheena_Sheikh , 

 

Is your pages are rendered over https protocal?? If so OOTB will add secure flags on all cookies. You can additionally achieve this through api as well . 

Check out the below thread for similar query 

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/aem-session-cookie-with-ht...

Views

1.3K

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 6
Level 6
2/23/21 12:39:45 AM
In response to Vaibhavi_J
My page is loading on HTTPS but yet I can see a few cookies not being HttpOnly/Secure

Views

1.2K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Community Advisor
Community Advisor
2/23/21 12:29:36 AM

@Shaheena_Sheikh 

You can set HttpOnly and Secure flags to cookie. Check the below Cookie API documentation. Use setSecure(boolean flag) and setHttpOnly(boolean isHttpOnly).

https://docs.oracle.com/javaee/6/api/javax/servlet/http/Cookie.html

 

Views

1.2K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Correct answer by
Level 8
Level 8
2/23/21 2:59:24 AM

@Shaheena_Sheikh ,if you don't make your cookie secure, then the cookie can be transmitted over the HTTP connection. so if you use HTTPS also, it is good practice to make your cookie secure.

Check below code 

Cookie emailCookie = new Cookie("email", email);
emailCookie.setPath("/");
emailCookie.setMaxAge(31536000);
emailCookie.setPath(";Path=/;HttpOnly;");;
emailCookie.setSecure(true);
response.addCookie(emailCookie);

 

The cookies which you create using javascript also should make secure. 

Views

1.2K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
Related Conversations
AEM Clud migration: Strategy to reduce ACS AEM Commons dependency

Views

40

Likes

0

Replies

1
How to mask the image in AEM?

Views

54

Likes

0

Replies

2
ABC counting when adding instance

Views

48

Likes

0

Replies

1
[AEM6.5]Add custom JS functionality to OOB ACS Commons Notification.

Views

134

Likes

0

Replies

4
Not able to add external URL in Content Fragment New Editor

Views

58

Likes

0

Replies

1