Enable UserCookie version 3.1

  • Release version: Australia
  • Updated March 13, 2026
  • 1 minute to read

    • Manage the version of UserCookie that is enabled on your instance to secure the storage of the secret key in the source code.

    UserCookie v3 is generated only when property glide.ui.secure.cookies.use_kmf is disabled is disabled. UserCookie v3 is not secure due to storing secret key for HMAC in source code and identical for all customers. By setting the property glide.ui.secure.cookies.use_kmf to true, UserCookie v3.1 is used and secret key is stored in security storage such as KMF.

    More information

    Attribute Description
    Configuration name glide.ui.secure.cookies.use_kmf
    Configuration type System Properties (/sys_properties_list.do)
    Data type Boolean
    Recommended value true
    Default value false
    Category Session management
    Security risk
    • Severity score: 7.1
    • CVSS score: High
    • Security risk details: This creates a significant risk of session hijacking, as attackers who obtain or reverse-engineer the key can forge authentication cookies and impersonate users.
    Dependencies and prerequisites None