Collapse
Submit a Service Request
Contact Information for Technical Support
My Service Notifications
Enabling secure flag for Engagement Engine
Answer ID 9837 |
Last Review Date 01/27/2019
How can I enable secure flag for my Engagement Engine implementation?
Environment
Oracle Engagement Engine Cloud - all releases
Resolution
By design, Engagement Engine has been developed to be stripped of the secure flag, the code in the back-end containing an "isSecure" attribute that is set to "False".
The reasoning behind this is the following:
- when set to "True", the "isSecure" attribute prevents Engagement Engine from tracking the visitor session in an HTTP page;
- if it is not set to "False", when the same visitor accesses an HTTP page and then an HTTPS page, Engagement Engine sees this as two distinct sessions, when in fact it is only one;
Also, Engagement Engine has not been built to track sensitive data in the cookies, which is why changing the "isSecure" flag to "True" is not an available option.