How to set utag_main to be secure cookie

tstulka
Rookie Contributor
tstulka

Our pen test reported a potential issue with utag_main cookie being set as not secure. I'm trying to find a way to change that with no success. Any help will be appreciated. Thanks.

Tomasz

2 REPLIES 2

How to set utag_main to be secure cookie

davidkalee
Employee Emeritus
davidkalee

Hi there,

You can set the cookie to secure by updating the uTag loader file. This file is the backbone of Tealium on your site, so please be cautious in editing it. You can access this by clicking on your name in the upper right hand corner and clicking on manage templates from the drop down menu. From there you can select the uTag loader template and edit the following line (line 423) from:

document.cookie = a + “=” + v + “;path=/;domain=” + utag.cfg.domain + “;expires=” + x;  
to:
document.cookie = a + “=” + v + “;path=/;domain=” + utag.cfg.domain + “;expires=” + x + “;secure”; 
 
Prior to making changes, I would recommend saving a copy of the utag loader locally, just as a precaution. In addition, with this modification, the loader becomes customized. In the future, when updating the loader to a newer version, you will have to make the same modification.
 
If you do not feel comfortable making these changes, please don't hesitate to reach out to Tealium support!

How to set utag_main to be secure cookie

sangmister
Silver Contributor
Silver Contributor sangmister

General question: Would it have a drawback to set all cookies to secure? This could be an option in the iQ settings or a general feature.

I was requesting this feature already and I don't think that it would be a big thing to do. Plus it would help a lot of data security staff in the EU to comply to GDPR regulations.