Adding secure attribute to cookie

Avatar

Avatar

Shaheena_Sheikh

Avatar

Shaheena_Sheikh

Shaheena_Sheikh

23-02-2021

Hi All,

I am trying to figure out how can I make my existing cookies secure by adding secure attribute (PS. I am newbie to cookies).

 

Accepted Solutions (1)

Accepted Solutions (1)

Avatar

Avatar

raj_mandalapu

MVP

Avatar

raj_mandalapu

MVP

raj_mandalapu
MVP

23-02-2021

@Shaheena_Sheikh ,if you don't make your cookie secure, then the cookie can be transmitted over the HTTP connection. so if you use HTTPS also, it is good practice to make your cookie secure.

Check below code 

Cookie emailCookie = new Cookie("email", email);
emailCookie.setPath("/");
emailCookie.setMaxAge(31536000);
emailCookie.setPath(";Path=/;HttpOnly;");;
emailCookie.setSecure(true);
response.addCookie(emailCookie);

 

The cookies which you create using javascript also should make secure. 

Answers (2)

Answers (2)

Avatar

Avatar

Vaibhavi

MVP

Avatar

Vaibhavi

MVP

Vaibhavi
MVP

23-02-2021

Hi @Shaheena_Sheikh , 

 

Is your pages are rendered over https protocal?? If so OOTB will add secure flags on all cookies. You can additionally achieve this through api as well . 

Check out the below thread for similar query 

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/aem-session-cookie-with-ht...

Avatar

Avatar

Anudeep_Garnepudi

MVP

Avatar

Anudeep_Garnepudi

MVP

Anudeep_Garnepudi
MVP

23-02-2021

@Shaheena_Sheikh 

You can set HttpOnly and Secure flags to cookie. Check the below Cookie API documentation. Use setSecure(boolean flag) and setHttpOnly(boolean isHttpOnly).

https://docs.oracle.com/javaee/6/api/javax/servlet/http/Cookie.html