To make user cookies more secure and to prevent a user from taking over another user’s profile by editing their own cookie, the ATG platform includes a profile ID check cookie that it uses to validate the user’s cookie. When you use secure profile cookies, Dynamo sends two cookies, named DYN_USER_ID and DYN_USER_CONFIRM. The DYN_USER_CONFIRM cookie is a hash of the user ID cookie. If the DYN_USER_CONFIRM cookie does not match the hash of the user ID cookie, then the cookies are ignored and a new profile is used.

You may want to change the key that Dynamo uses to hash the cookie from the default value, so that your site’s cookies will be hashed with a different key from that used by other sites that run Dynamo. To change the secret key that Dynamo uses to hash the user ID cookie, edit the cookieHashKey property of atg/userprofiling/CookieManager.
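
The check described above, modeled as an added example (this is not ATG code). It assumes HMAC-SHA256 as the keyed hash, since the page does not say which algorithm the platform uses; the function names, user IDs and keys are constructed for illustration.

```python
import hashlib
import hmac
from typing import Mapping, Optional

USER_ID_COOKIE = "DYN_USER_ID"        # cookie names as given on the page
CONFIRM_COOKIE = "DYN_USER_CONFIRM"


def make_confirm(user_id: str, key: bytes) -> str:
    """Keyed hash of the user ID (HMAC-SHA256 is an assumption of this sketch)."""
    return hmac.new(key, user_id.encode("utf-8"), hashlib.sha256).hexdigest()


def issue_cookies(user_id: str, key: bytes) -> dict:
    """The cookie pair the server sends for a profile."""
    return {USER_ID_COOKIE: user_id, CONFIRM_COOKIE: make_confirm(user_id, key)}


def resolve_profile(cookies: Mapping[str, str], key: bytes) -> Optional[str]:
    """Return the user ID if the pair validates, else None (use a new profile)."""
    user_id = cookies.get(USER_ID_COOKIE)
    confirm = cookies.get(CONFIRM_COOKIE)
    if not user_id or not confirm:
        return None  # one cookie missing: treat as no cookie at all
    expected = make_confirm(user_id, key)
    # Constant-time comparison, so response timing does not leak the hash.
    if not hmac.compare_digest(expected.encode(), confirm.encode()):
        return None
    return user_id


# Constructed sample keys; a real key would come from the cookieHashKey property.
SITE_KEY = b"constructed-site-specific-key"
OTHER_KEY = b"constructed-key-of-another-site"


def demo() -> dict:
    good = issue_cookies("100042", SITE_KEY)
    edited = {**good, USER_ID_COOKIE: "100043"}    # ID changed, confirm left as-is
    foreign = issue_cookies("100042", OTHER_KEY)   # pair hashed under another key
    return {
        "untouched": resolve_profile(good, SITE_KEY),
        "edited_id": resolve_profile(edited, SITE_KEY),
        "other_key": resolve_profile(foreign, SITE_KEY),
        "no_confirm": resolve_profile({USER_ID_COOKIE: "100042"}, SITE_KEY),
    }


if __name__ == "__main__":
    print(demo())
```

Only the untouched pair resolves to a profile. The pair hashed under a different key is rejected, which is why a site-specific key keeps cookies hashed by another installation from validating on yours.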

 