Specification: iscookie

iscookie Element

Set a cookie in your system





Allowed data type: string or expression.

cookie_name is a string or expression that specifies a name for the cookie. Names starting with "$" are not allowed.



Allowed data type: string or expression.

cookie_value is a string or expression that specifies the value stored by the cookie, such as a specific user ID.


Allowed data type: string or expression.

Because cookies can contain private information about a user, the comment attribute lets you document the intended use of the cookie. The user can inspect the information to decide whether to accept to accept or not to accept the cookie.


Allowed data type: string or expression.

domain_name specifies the domain for which the cookie is valid. An explicitly specified domain must always start with a dot. If not specified, the browser sets the attribute domain to the domain that issues the cookie.


Allowed data type: string or expression.

pathname specifies the subset of URLs to which this cookie applies. Pages outside of that path can't use the cookie.


Allowed data type: integer or expression.

cookie_lifetime defines the lifetime of the cookie in seconds. The value is a non-negative decimal integer. After the specified time elapses, the buyer's browser can discard the cookie. If the value is 0, the cookie will be deleted. If the value is less than 0, the cookie isn't persistent and is deleted when the browser exits. The lifetime of the cookie set by Salesforce B2C Commerce when an anonymous customer enters the site for the first time adheres to certain international data storage regulations. The maximum age of this cookie is 6 months. The lifetime of any cookie set by B2C Commerce is 6 months or less.


Allowed data type: decimal integer or expression.

cookie_spec is a decimal integer that identifies the version of the specification which the cookie conforms to. A decimal integer contains any of the digits 0 through 9.


Allowed data: "on" | "off"

The secure attribute indicates that a cookie must only be used with a secure server, such as SSL. Default value is off. Expressions are not allowed.

Supporting Objects

For programmatically reading and modifying cookies, see the following classes in the Scripting API documentation:

  • dw.system.Request
  • dw.web.Cookies
  • dw.web.Cookie


A cookie is a message given to the web browser by B2C Commerce. A cookie lets you store user-related information on the buyer's system, such as storefront preferences for a single buyer. Cookies can also be used to simplify the login procedure, so buyers don't have to type in their names and passwords each time they access the storefront. To accomplish this, the cookie would store a unique user ID on the buyer's system. After the cookie is stored, the browser returns it every time the buyer requests the URL of the issuing server.

You can't set a cookie's SameSite attribute using the API. The server sets SameSite to None if either the developer sets the cookie's Secure flag or the global security preference Enforce HTTPS is enabled, in which case the Secure flag is also set. Otherwise, the server doesn't set the SameSite attribute and the browser uses its own default SameSite setting. The SameSite attribute is not sent with a cookie if the server detects that the client doesn't correctly interpret the attribute.


The following example shows how to set a cookie that can be used later to identify a customer:

  comment="your international customer ID"

The following example shows how to use a cookie that is sent with the current request.

<isif condition="${request.httpCookies['UserID'] != null)}">
  <isredirect location="${URLUtils.url('LoginPanel')}" />