I am setting a cookie in a module. Cookie is meant to track an id until an order is placed or will expire in few hours. When the order is placed I need to clear or expire the cookie -- presumably on the INVC page. I was attempting to use SMT to adjust the cookie on the INVC template. But, the cookie won't update. I am looking to figure out how.
I've noticed that the cookie is created with HttpOnly =1 ( per the LSK) by default. This seems to be my roadblock. I am thinking a possible solution is to set the HttpOnly =0 when creating the cookie.
I only need this cookie for a short duration. But HttpOnly prevents other client side scripts from changing the values and properties. I'd like to now violate this capability. Especially if it's a PCI compliance feature that should be maintained.
Might I expire the cookie from the same module during the Fulfillment feature instead of SMT?
Thanks,
Scott
I've noticed that the cookie is created with HttpOnly =1 ( per the LSK) by default. This seems to be my roadblock. I am thinking a possible solution is to set the HttpOnly =0 when creating the cookie.
I only need this cookie for a short duration. But HttpOnly prevents other client side scripts from changing the values and properties. I'd like to now violate this capability. Especially if it's a PCI compliance feature that should be maintained.
Might I expire the cookie from the same module during the Fulfillment feature instead of SMT?
Thanks,
Scott
Comment