How can I enable secure flag for my Engagement Engine implementation?

Environment

Oracle Engagement Engine Cloud - all releases

Resolution

By design, Engagement Engine has been developed to be stripped of the secure flag, the code in the back-end containing an "isSecure" attribute that is set to "False".

The reasoning behind this is the following:

- when set to "True", the "isSecure" attribute prevents Engagement Engine from tracking the visitor session in an HTTP page;

- if it is not set to "False", when the same visitor accesses an HTTP page and then an HTTPS page, Engagement Engine sees this as two distinct sessions, when in fact it is only one;

Also, Engagement Engine has not been built to track sensitive data in the cookies, which is why changing the "isSecure" flag to "True" is not an available option.