Set an HTTP Cookie

Set a custom HTTP cookie

Description

When this step is executed, it builds a cookie string from the specified parameters and sends that string back to the HTTP client in the next response.

Configuration

Field Description
Name Expression that yields the name used to identify the cookie.
Value Expression that yields the value to assign to the cookie.
Cookie Type Property which determines the validity period/scope of the cookie. A Session Cookie is valid for the current session and is deleted when the client application closes, while a Persistent Cookie is stored even after the client application closes and it expires after a specified period of time (in seconds) or specified date/time.
Max Age Expiration period in seconds for a persistent cookie. Cookie expiration may be configured using either Max Age or Expires (but not both).
Expires Expression for the expiration date and time of a persistent cookie. It may yield either an epoch time in milliseconds (e.g., @time.now) or an ISO 8601 formatted string. Cookie expiration may be configured using either Max Age or Expires (but not both).
Domain Expression that yields an optional list of domains to which the cookie is allowed to be sent (specified in the syntax described in RFC 6265). If specified, the cookie is available on the server and its subdomains. If unspecified, the cookie is available on the server but not on its subdomains.
Path Expression that yields an optional list of paths to which the cookie is allowed to be sent (specified in the syntax described in RFC 6265).
Secure Select Yes to allow the cookie to be sent to the server only via secure connections. The cookie will only be sent to the server when a request is made using SSL and the HTTPS protocol.
HTTP Only Select Yes to make the cookie accessible only via HTTP. The cookie will not be accessible via JavaScript through the Document.cookie property, the XMLHttpRequest API, or the Request API.
Same Site SameSite policy used to prevent browsers from sending the cookie together with cross-site requests. Default is Disabled.
  • Disabled—No SameSite value is declared so the browser uses its default. This option is available since not all browsers support a SameSite policy.
  • None—Allows the cookie to be sent by the browser to the target site in all cross-site browsing contexts if the connection is secure (i.e., Secure must be set to Yes).
  • Lax—Prevents the cookie from being sent by the browser to the target site in cross-site AJAX requests. However, the cookie is allowed to be sent when following a regular link.
  • Strict—Prevents the cookie from being sent by the browser to the target site in all cross-site browsing contexts, even when following a regular link.
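
As an added illustration (not the product's own code), the sketch below assembles the Set-Cookie header value that these fields describe and enforces the constraints from the table: Max Age and Expires are mutually exclusive, and SameSite=None is rejected unless Secure is Yes. The `buildSetCookie` function and the `cfg` property names are assumptions; rejecting names and values outside the RFC 6265 character set is an added hardening choice.

```javascript
// Added example: hypothetical helper, not the product's implementation.
// Property names mirror the configuration table; the cfg object shape is assumed.
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;                        // RFC 6265 cookie-name
const COOKIE_OCTETS = /^[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*$/; // RFC 6265 cookie-value
const ATTR_VALUE = /^[\x20-\x3A\x3C-\x7E]*$/;                          // no control chars, no ';'

function buildSetCookie(cfg) {
  const { name, value, cookieType = 'Session', maxAge, expires,
          domain, path, secure = false, httpOnly = false,
          sameSite = 'Disabled' } = cfg;
  // Reject rather than escape: CR/LF or ';' here would inject headers or attributes.
  if (!TOKEN.test(name)) throw new Error('invalid cookie name');
  if (!COOKIE_OCTETS.test(value)) throw new Error('invalid cookie value');
  const parts = [`${name}=${value}`];

  if (cookieType === 'Persistent') {
    if (maxAge !== undefined && expires !== undefined)
      throw new Error('set Max Age or Expires, not both');
    if (maxAge !== undefined) {
      if (!Number.isInteger(maxAge)) throw new Error('Max Age must be whole seconds');
      parts.push(`Max-Age=${maxAge}`);
    } else if (expires !== undefined) {
      const when = new Date(expires); // epoch milliseconds or ISO 8601 string
      if (Number.isNaN(when.getTime())) throw new Error('invalid Expires');
      parts.push(`Expires=${when.toUTCString()}`);
    }
  } // Session: no expiry attribute is emitted, so the client drops the cookie on close.

  for (const [attr, v] of [['Domain', domain], ['Path', path]]) {
    if (v === undefined) continue;
    if (!ATTR_VALUE.test(v)) throw new Error(`invalid ${attr}`);
    parts.push(`${attr}=${v}`);
  }
  if (secure) parts.push('Secure');
  if (httpOnly) parts.push('HttpOnly');

  if (!['Disabled', 'None', 'Lax', 'Strict'].includes(sameSite))
    throw new Error('unknown Same Site policy');
  if (sameSite === 'None' && !secure)
    throw new Error('SameSite=None requires Secure = Yes');
  if (sameSite !== 'Disabled') parts.push(`SameSite=${sameSite}`); // Disabled: browser default
  return parts.join('; ');
}
```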