search
Dashboard

Server-side cookie

A server-side cookie, or HTTP cookie, is sent from the server to the browser. You can read more about it in the web documentationarrow-up-right. It’s important for the system to send data from the server because browsers can verify its origin and extend its validity. For platforms like Shopify, WordPress, and others, we’ve got you covered —we automatically generate this cookie for you, and it originates from the server where your site is served. However, for headless sites, we don’t have access to your server, so we recommend that you create it yourself. Our system will still generate a server-side cookie with the EdgeTag user ID, but it’s beneficial to have both the server-side cookie and ours running simultaneously. We will map your server-side cookie to ours behind the scenes.

hashtag
Cookie options

Important options:

  • Name: cookie name. Make sure that you use a value that is not already used on your site or by any other provider that you have on your site.

  • Domain: For which domain should the cookie be set? It's good to set it as .mysite.com so that it works with subdomains as well

  • Expires - when the cookie should expire

  • SameSite - in which context the cookie should live

  • Secure - if the cookie should be only served on https

  • HttpOnly - should the cookie be only available for requests

You can read more about it on the web docs.arrow-up-right

hashtag
How to create a cookie?

Server-side cookies should be included in the document response headers. This way, we know they came from the correct server.

circle-exclamation

A cookie should only be created if it doesn't exist yet.

Below is an example of how to create a server-side cookie on your end:

const crypto = require('crypto');

const cookieName = 'truid'; // this is just an example name, you can change it to what you want
const userId = `${crypto.randomUUID()}-${Date.now()}`;
const expirationDate = new Date(2037, 11, 20).toUTCString();
const domainCookie = '.mysite.com'; // change mysite.com to your domain

const cookieString = `${cookieName}=${userId}; SameSite=LAX; Expires=${expirationDate}; Domain=${domainCookie}; HttpOnly; Secure`;

// add cookieString to your headers under key set-cookie
response.writeHead(200, {
    "Set-Cookie": cookieString
});
PreviousValidationNextShopify

Last updated

Was this helpful?