Cloud SDK cookies
The Cloud SDK stores cookies in the web browser as first-party cookies. First-party cookies are set by the domain that appears in the web browser's address bar. The Cloud SDK stores the following cookies:
Cookie name |
Description |
Configuration options |
---|---|---|
|
Persists the browser IDbrowser ID between sessions, which is required for all calls that the Cloud SDK makes to Sitecore. Assigns a universally unique identifier (UUID) that is unique per browser until the cookie expires or is deleted. After the cookie expires or is deleted, a new UUID is generated the next time the site visitor returns. |
Configured in the initializer function of the module of every Cloud SDK package. |
|
Persists the guest IDguest ID between sessions, which is required for calls that the Cloud SDK makes to Sitecore for personalization. Assigns a universally unique identifier (UUID) that is unique per site visitor until the cookie expires or is deleted. After the cookie expires or is deleted, a new UUID is generated the next time the site visitor returns. |
Configured in the initializer function of the module of every Cloud SDK package. |
Depending on your site configuration, XM Cloud may issue other cookies to website visitors, as well.
Cookie settings
The Cloud SDK lets you configure cookie settings in the initializer function of the module of every Cloud SDK package you're using.
When you initialize a module, you must decide whether to set cookies from the browser (client-set cookies) or from the server (server-set cookies).
Only load the Cloud SDK and set cookies if your site visitor grants consent.
Client-set cookies
You can set cookies from the browser by setting the enableBrowserCookie
to true
in the initializer function of the browser
module of the package you're using. If you're also using the server
module of the same package, make sure to set enableServerCookie
to false
in the server
module's initializer function.
Server-set cookies
You can set cookies from the server by setting the enableServerCookie
to true
in the initializer function of the server
module of the package you're using. If you're also using the browser
module of the same package, make sure to set enableBrowserCookie
to false
in the browser
module's initializer function.
When you set cookies from the server, you create and manage cookies on your web server. Then, the web server sends the cookies to the client app. Finally, the client app stores the cookie in the web browser.
Setting cookies from the server has the following benefits:
-
Increases security by adding the
httpOnly
attribute to cookies. This helps prevent browser-side JavaScript from accessing the cookies and mitigate cross-site scripting (XSS) attacks. -
Mitigates the impact of Intelligent Tracking Prevention (ITP) on cookies. For example, unlike client-set cookies, server-set cookies don't expire automatically after 7 days.
Optional cookie settings
Optionally, when you initialize a module, you can configure the cookie domain, the cookie path, and the number of days before the cookie expires. Make sure to configure optional cookie settings the same way in every module your initialize.