Cookies
Sitecore CDP stores cookies in the web browser as first-party cookies. First-party cookies are cookies set by the domain that appears in the web browser's address bar.
Only load the Engage SDK and set cookies if your site visitor grants consent.
- bid_{clientKey} - this cookie persists the browser ID between sessions, which is required for all calls that the Engage SDK makes to Sitecore CDP. This cookie generates a universally unique identifier (UUID) that is unique per browser until the cookie expires or is deleted. After the cookie expires or is deleted, a new UUID is generated the next time the visitor returns.
- bx_bucket_number - this session cookie is used only if you have Sitecore Personalize and if you're using web experiences or web experiments in your app. The cookie allocates the guest to a specific variant. It performs allocation for each web experiment that is live on your site during the particular session. The cookie is only stored for the duration of the session.
- bx_guest_ref - this session cookie is used only if you have Sitecore Personalize and if you're using web experiences or web experiments in your app. The cookie assigns a universally unique identifier (UUID) to every user with a bucket. The cookie is only stored for the duration of the session.
The Engage SDK supports setting cookies from the client and from the server.
Client-set cookies
If you can access only the client side of your app, you have to set cookies from the client.
You can set cookies from the client by setting the forceServerCookieMode attribute to false in the settings object, then passing the settings object to the Engage.init() function. For code samples, see Integrating a React app and Integrating a Next app (client-set cookies).
Server-set cookies
If you can access the server side of your app, you can choose to set cookies from the server instead of the client. In that scenario, you create and manage cookies on your web server. Then, the web server sends the cookies to the client app. Finally, the client app stores the cookie in the web browser.
Setting cookies from the server has the following benefits:
- Increases security by adding the httpOnly attribute to cookies. This helps prevent client-side JavaScript from accessing the cookies and mitigate cross-site scripting (XSS) attacks.
- Mitigates the impact of Intelligent Tracking Prevention (ITP) on cookies. For example, unlike client-set cookies, server-set cookies don't expire automatically after 7 days.
Using the Engage SDK package, you can set cookies from the server by setting the forceServerCookieMode attribute to true in the settings object, then passing the settings object to the Engage.init() function on the client side, and to the Engage.initServer() function on the server side. For code samples, see Integrating a Next app (server-set cookies).
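One way to confirm on your own deployment that server-set mode delivers the httpOnly benefit described above is to audit the Set-Cookie headers your web server returns. The following is an added example, not code from the Sitecore documentation or the Engage SDK; the helper names, client keys and header values are constructed, and it assumes that httpOnly is expected on the browser ID cookie and that the two bx_ cookies carry no lifetime because they are session cookies.

```javascript
// Added example: audits Set-Cookie response headers for the cookies named on this page.
// parseSetCookie and auditCdpCookies are hypothetical helper names, not Engage SDK functions.

function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  if (eq < 1) return null; // not a name=value pair
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const attr of attrs) {
    if (!attr) continue;
    const i = attr.indexOf('=');
    // Attribute names are case-insensitive; flag attributes such as HttpOnly have no value.
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : attr.slice(i + 1);
  }
  return cookie;
}

function auditCdpCookies(setCookieHeaders) {
  const findings = [];
  for (const header of setCookieHeaders) {
    const c = parseSetCookie(header);
    if (!c) continue;
    // A cookie with neither Expires nor Max-Age is a session cookie.
    const persistent = 'expires' in c.attrs || 'max-age' in c.attrs;
    if (c.name.startsWith('bid_')) {
      if (!c.attrs.httponly) findings.push(`${c.name}: missing HttpOnly`);
      if (!persistent) findings.push(`${c.name}: no Expires/Max-Age, will not persist between sessions`);
    } else if (c.name === 'bx_bucket_number' || c.name === 'bx_guest_ref') {
      if (persistent) findings.push(`${c.name}: has a lifetime, expected a session cookie`);
    }
  }
  return findings;
}

// Constructed sample headers; the client keys and UUIDs are placeholders.
const sampleHeaders = [
  'bid_EXAMPLE_CLIENT_KEY=0f8fad5b-d9cb-469f-a165-70867728950e; Path=/; Max-Age=63072000; HttpOnly; Secure; SameSite=None',
  'bid_OTHER_EXAMPLE_KEY=7c9e6679-7425-40de-944b-e07fc1f90ae7; Path=/; Max-Age=63072000',
  'bx_guest_ref=3f2504e0-4f89-11d3-9a0c-0305e82c3301; Path=/; Max-Age=3600',
  'bx_bucket_number=42; Path=/',
  'sessionid=abc123; Path=/; HttpOnly',
];

console.log(auditCdpCookies(sampleHeaders));
```

Feed it the Set-Cookie values from a response captured in your browser's developer tools or a proxy; an empty result means none of the checks fired.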