Enable UserCookie version 3.1

Australia Platform security

Release

australia

ft:locale

en-US

ft:publication_title

Australia Platform security

ft:clusterId

psec

bundleId

psec

workflow

Platform

Enable UserCookie version 3.1

Release version: Australia

Updated March 13, 2026

1 minute to read

Manage the version of UserCookie that is enabled on your instance to secure the storage of the secret key in the source code.

UserCookie v3 is generated only when property glide.ui.secure.cookies.use_kmf is disabled is disabled. UserCookie v3 is not secure due to storing secret key for HMAC in source code and identical for all customers. By setting the property glide.ui.secure.cookies.use_kmf to true, UserCookie v3.1 is used and secret key is stored in security storage such as KMF.

More information


Attribute	Description
Configuration name	glide.ui.secure.cookies.use_kmf
Configuration type	System Properties (/sys_properties_list.do)
Data type	Boolean
Recommended value	true
Default value	false
Category	Session management
Security risk	Severity score: 7.1 CVSS score: High Security risk details: This creates a significant risk of session hijacking, as attackers who obtain or reverse-engineer the key can forge authentication cookies and impersonate users.
Dependencies and prerequisites	None