SOLVED

Adding secure attribute to cookie

Shaheena_Sheikh
Level 4

Hi All,

I am trying to figure out how I can make my existing cookies secure by adding the secure attribute (PS: I am a newbie to cookies).

1 Accepted Solution
raj_mandalapu
Correct answer by
Community Advisor

@Shaheena_Sheikh, if you don't make your cookie secure, then the cookie can be transmitted over an HTTP connection. So even if you use HTTPS, it is good practice to make your cookie secure.

Check the code below:

import javax.servlet.http.Cookie;

Cookie emailCookie = new Cookie("email", email);
emailCookie.setPath("/");
emailCookie.setMaxAge(31536000);  // one year, in seconds
emailCookie.setHttpOnly(true);    // hide the cookie from client-side script (Servlet 3.0+)
emailCookie.setSecure(true);      // send the cookie over HTTPS only
response.addCookie(emailCookie);

The cookies which you create using JavaScript should also be made secure.


4 Replies
Vaibhavi_Gowda
Community Advisor

Hi @Shaheena_Sheikh,

Are your pages rendered over the HTTPS protocol? If so, OOTB will add secure flags on all cookies. You can additionally achieve this through the API as well.

Check out the thread below for a similar query:

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/aem-session-cookie-with-ht...

Shaheena_Sheikh
Level 4

My page is loading on HTTPS, yet I can still see a few cookies that are not HttpOnly/Secure.
Anudeep_Garnepudi
Community Advisor

@Shaheena_Sheikh 

You can set the HttpOnly and Secure flags on a cookie. Check the Cookie API documentation below. Use setSecure(boolean flag) and setHttpOnly(boolean isHttpOnly).

https://docs.oracle.com/javaee/6/api/javax/servlet/http/Cookie.html
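
For finding which cookies still lack the flags, as raised in the thread above, here is an added example (not code from any poster in this thread) that audits Set-Cookie header values for missing Secure and HttpOnly and builds a Secure cookie string for script-created cookies. The sample headers and the function names are constructed for illustration.

```javascript
// Constructed sample Set-Cookie header values (not taken from a real site).
const SAMPLE_SET_COOKIE = [
  "email=user%40example.test; Path=/; Max-Age=31536000; Secure; HttpOnly",
  "prefs=dark; Path=/; Secure",
  "tracking=abc123; Path=/",
];

// Parse one Set-Cookie value into the cookie name and its attribute names.
// Attribute names are case-insensitive, so they are lower-cased here.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const name = eq === -1 ? pair : pair.slice(0, eq);
  const flags = new Set(
    attrs.filter(Boolean).map((a) => a.split("=")[0].trim().toLowerCase())
  );
  return { name, flags };
}

// Report every cookie that is missing Secure and/or HttpOnly.
function auditCookies(headers) {
  return headers
    .map(parseSetCookie)
    .map(({ name, flags }) => ({
      name,
      missing: ["secure", "httponly"].filter((f) => !flags.has(f)),
    }))
    .filter((r) => r.missing.length > 0);
}

// Build a document.cookie string for a cookie created from script.
// HttpOnly is deliberately absent: it cannot be set through document.cookie,
// so a cookie that needs HttpOnly has to be issued by the server.
function buildClientCookie(name, value, maxAgeSeconds) {
  return `${encodeURIComponent(name)}=${encodeURIComponent(value)}` +
    `; Path=/; Max-Age=${maxAgeSeconds}; Secure`;
}

console.log(auditCookies(SAMPLE_SET_COOKIE));
// In a browser: document.cookie = buildClientCookie("prefs", "dark", 3600);
```

The header values to audit can be copied from the response headers shown in the browser's developer tools.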

 
