Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn More

View all

Sign in to view all badges

Adding secure attribute to cookie

Avatar

Avatar
Validate 10
Level 2
Shaheena_Sheikh
Level 2

Like

1 like

Total Posts

86 posts

Correct Reply

0 solutions
Top badges earned
Validate 10
Validate 1
Give Back
Boost 1
Applaud 5
View profile

Avatar
Validate 10
Level 2
Shaheena_Sheikh
Level 2

Like

1 like

Total Posts

86 posts

Correct Reply

0 solutions
Top badges earned
Validate 10
Validate 1
Give Back
Boost 1
Applaud 5
View profile
Shaheena_Sheikh
Level 2

23-02-2021

Hi All,

I am trying to figure out how can I make my existing cookies secure by adding secure attribute (PS. I am newbie to cookies).

 

Accepted Solutions (1)

Accepted Solutions (1)

Avatar

Avatar
Validate 1
MVP
raj_mandalapu
MVP

Likes

124 likes

Total Posts

203 posts

Correct Reply

72 solutions
Top badges earned
Validate 1
Contributor
Shape 1
Give Back 5
Give Back 3
View profile

Avatar
Validate 1
MVP
raj_mandalapu
MVP

Likes

124 likes

Total Posts

203 posts

Correct Reply

72 solutions
Top badges earned
Validate 1
Contributor
Shape 1
Give Back 5
Give Back 3
View profile
raj_mandalapu
MVP

23-02-2021

@Shaheena_Sheikh ,if you don't make your cookie secure, then the cookie can be transmitted over the HTTP connection. so if you use HTTPS also, it is good practice to make your cookie secure.

Check below code 

Cookie emailCookie = new Cookie("email", email);
emailCookie.setPath("/");
emailCookie.setMaxAge(31536000);
emailCookie.setPath(";Path=/;HttpOnly;");;
emailCookie.setSecure(true);
response.addCookie(emailCookie);

 

The cookies which you create using javascript also should make secure. 

Answers (2)

Answers (2)

Avatar

Avatar
Affirm 50
MVP
Vaibhavi
MVP

Likes

180 likes

Total Posts

156 posts

Correct Reply

50 solutions
Top badges earned
Affirm 50
Validate 1
Ignite 1
Give Back 5
Give Back 3
View profile

Avatar
Affirm 50
MVP
Vaibhavi
MVP

Likes

180 likes

Total Posts

156 posts

Correct Reply

50 solutions
Top badges earned
Affirm 50
Validate 1
Ignite 1
Give Back 5
Give Back 3
View profile
Vaibhavi
MVP

23-02-2021

Hi @Shaheena_Sheikh , 

 

Is your pages are rendered over https protocal?? If so OOTB will add secure flags on all cookies. You can additionally achieve this through api as well . 

Check out the below thread for similar query 

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/aem-session-cookie-with-ht...

Avatar

Avatar
Establish
MVP
Anudeep_Garnepudi
MVP

Likes

271 likes

Total Posts

320 posts

Correct Reply

87 solutions
Top badges earned
Establish
Ignite 1
Give Back 5
Give Back 3
Give Back 10
View profile

Avatar
Establish
MVP
Anudeep_Garnepudi
MVP

Likes

271 likes

Total Posts

320 posts

Correct Reply

87 solutions
Top badges earned
Establish
Ignite 1
Give Back 5
Give Back 3
Give Back 10
View profile
Anudeep_Garnepudi
MVP

23-02-2021

@Shaheena_Sheikh 

You can set HttpOnly and Secure flags to cookie. Check the below Cookie API documentation. Use setSecure(boolean flag) and setHttpOnly(boolean isHttpOnly).

https://docs.oracle.com/javaee/6/api/javax/servlet/http/Cookie.html