Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn More

View all

Sign in to view all badges

Adding secure attribute to cookie

Avatar

Avatar
Applaud 25
Level 2
Shaheena_Sheikh
Level 2

Likes

2 likes

Total Posts

97 posts

Correct Reply

1 solution
Top badges earned
Applaud 25
Applaud 5
Affirm 1
Validate 10
Validate 1
View profile

Avatar
Applaud 25
Level 2
Shaheena_Sheikh
Level 2

Likes

2 likes

Total Posts

97 posts

Correct Reply

1 solution
Top badges earned
Applaud 25
Applaud 5
Affirm 1
Validate 10
Validate 1
View profile
Shaheena_Sheikh
Level 2

23-02-2021

Hi All,

I am trying to figure out how can I make my existing cookies secure by adding secure attribute (PS. I am newbie to cookies).

 

Accepted Solutions (1)

Accepted Solutions (1)

Avatar

Avatar
Validate 1
MVP
raj_mandalapu
MVP

Likes

125 likes

Total Posts

203 posts

Correct Reply

72 solutions
Top badges earned
Validate 1
Contributor
Shape 1
Give Back 5
Give Back 3
View profile

Avatar
Validate 1
MVP
raj_mandalapu
MVP

Likes

125 likes

Total Posts

203 posts

Correct Reply

72 solutions
Top badges earned
Validate 1
Contributor
Shape 1
Give Back 5
Give Back 3
View profile
raj_mandalapu
MVP

23-02-2021

@Shaheena_Sheikh ,if you don't make your cookie secure, then the cookie can be transmitted over the HTTP connection. so if you use HTTPS also, it is good practice to make your cookie secure.

Check below code 

Cookie emailCookie = new Cookie("email", email);
emailCookie.setPath("/");
emailCookie.setMaxAge(31536000);
emailCookie.setPath(";Path=/;HttpOnly;");;
emailCookie.setSecure(true);
response.addCookie(emailCookie);

 

The cookies which you create using javascript also should make secure. 

Answers (2)

Answers (2)

Avatar

Avatar
Affirm 50
MVP
Vaibhavi
MVP

Likes

216 likes

Total Posts

181 posts

Correct Reply

61 solutions
Top badges earned
Affirm 50
Validate 1
Ignite 1
Give Back 5
Give Back 3
View profile

Avatar
Affirm 50
MVP
Vaibhavi
MVP

Likes

216 likes

Total Posts

181 posts

Correct Reply

61 solutions
Top badges earned
Affirm 50
Validate 1
Ignite 1
Give Back 5
Give Back 3
View profile
Vaibhavi
MVP

23-02-2021

Hi @Shaheena_Sheikh , 

 

Is your pages are rendered over https protocal?? If so OOTB will add secure flags on all cookies. You can additionally achieve this through api as well . 

Check out the below thread for similar query 

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/aem-session-cookie-with-ht...

Avatar

Avatar
Establish
MVP
Anudeep_Garnepudi
MVP

Likes

275 likes

Total Posts

320 posts

Correct Reply

87 solutions
Top badges earned
Establish
Ignite 1
Give Back 5
Give Back 3
Give Back 10
View profile

Avatar
Establish
MVP
Anudeep_Garnepudi
MVP

Likes

275 likes

Total Posts

320 posts

Correct Reply

87 solutions
Top badges earned
Establish
Ignite 1
Give Back 5
Give Back 3
Give Back 10
View profile
Anudeep_Garnepudi
MVP

23-02-2021

@Shaheena_Sheikh 

You can set HttpOnly and Secure flags to cookie. Check the below Cookie API documentation. Use setSecure(boolean flag) and setHttpOnly(boolean isHttpOnly).

https://docs.oracle.com/javaee/6/api/javax/servlet/http/Cookie.html