0

How to set Secure flag for analytics.js cookies?

During penetration testing of our web application, some of our cookies were identified as not being set with the Secure flag which would allow an attacker to steal sensitive information that might be in this cookie.  These cookies originate from the segmentio Analytics.js module being used to track user activity:

ajs_group_id
ajs_user_id
ajs_anonymous_id

Is there a way we can ensure that the Secure flag is set on these cookies?

8replies Oldest first
  • Oldest first
  • Newest first
  • Active threads
  • Popular
  • Thanks for reaching out, Roger. Our team will reach out to you directly to address this. Thanks! 

    Reply Upvote
  • I have the same question. Is there a way to set the secure flag for the three analytics.js cookies: ajs_group_id, ajs_user_id and ajs_anonymous_id?

    Reply Upvote
  • Hi Anthony,

    Currently, we don't have a way set that flag. We are exploring the possibility of adding it in the future.

    Best,

    Xavier

    Reply Upvote
  • I swear I replied to this issue earlier, since my account is new are my posts being regulated?

    Reply Upvote
  • Hi, 

    We're facing the same issue as we need to follow GDPR compliance. Any update on this?

    Reply Upvote
  • Hello,

    As  Tao said, this issue is very important for our GDPR Compliance. Did you find a way to set the secure flag on these cookies? 

    Reply Upvote
  • Hi ,

    We are also facing this issue. Has a way been found to set the secure flag on the ajs_group_id, ajs_user_id and ajs_anonymous_id cookies?

    Reply Upvote
  • Hi 

    We are able to set ajs_user_id to %22 url encoded value. Now, we want to make these anonymity cookies as secure. Could you please help us a way to set secure flag on the above cookies.

    Thanks in advance.

    Reply Upvote