Cloud SDK cookies

Version: 0.3

The Cloud SDK stores cookies in the web browser as first-party cookies. First-party cookies are set by the domain that appears in the web browser's address bar. The Cloud SDK stores the following cookies:

Cookie name

Description

Configuration options

sc_{SitecoreEdgeContextId}

Persists the browser ID between sessions, which is required for all calls that the Cloud SDK makes to Sitecore.

Assigns a universally unique identifier (UUID) that is unique per browser until the cookie expires or is deleted.

After the cookie expires or is deleted, a new UUID is generated the next time the site visitor returns.

Configured in the initializer function of the module of every Cloud SDK package.

sc_{SitecoreEdgeContextId}_personalize

Persists the guest ID between sessions, which is required for calls that the Cloud SDK makes to Sitecore for personalization.

Assigns a universally unique identifier (UUID) that is unique per site visitor until the cookie expires or is deleted.

After the cookie expires or is deleted, a new UUID is generated the next time the site visitor returns.

Configured in the initializer function of the module of every Cloud SDK package.

Note

Depending on your site configuration, XM Cloud may issue other cookies to website visitors, as well.

The Cloud SDK lets you configure cookie settings in the initializer function of the module of every Cloud SDK package you're using.

When you initialize a module, you must decide whether to set cookies from the browser (client-set cookies) or from the server (server-set cookies).

Important

Only load the Cloud SDK and set cookies if your site visitor grants consent.

Client-set cookies

You can set cookies from the browser by setting the enableBrowserCookie to true in the initializer function of the browser module of the package you're using. If you're also using the server module of the same package, make sure to set enableServerCookie to false in the server module's initializer function.

Server-set cookies

You can set cookies from the server by setting the enableServerCookie to true in the initializer function of the server module of the package you're using. If you're also using the browser module of the same package, make sure to set enableBrowserCookie to false in the browser module's initializer function.

When you set cookies from the server, you create and manage cookies on your web server. Then, the web server sends the cookies to the client app. Finally, the client app stores the cookie in the web browser.

Setting cookies from the server has the following benefits:

  • Increases security by adding the httpOnly attribute to cookies. This helps prevent browser-side JavaScript from accessing the cookies and mitigate cross-site scripting (XSS) attacks.

  • Mitigates the impact of Intelligent Tracking Prevention (ITP) on cookies. For example, unlike client-set cookies, server-set cookies don't expire automatically after 7 days.

Optionally, when you initialize a module, you can configure the cookie domain, the cookie path, and the number of days before the cookie expires. Make sure to configure optional cookie settings the same way in every module your initialize.

Do you have some feedback for us?

If you have suggestions for improving this article,