Identity Cloud

Set Custom Cookie node

The Set Custom Cookie node lets you store a custom cookie on the client in addition to the session cookie.

The node uses the specified properties to create a cookie with a custom name and value. It can also set attributes, such as the cookie path, domain, expiry, and security flags.

Use this node with the Configuration Provider node to extend custom capabilities. For example, create a Config Provider script to set custom static values or access values from the shared node state.

Include all the attributes in the configuration provider script’s config map. The following example sets the attributes of the custom cookie to static values:

config = {
    "name": "testname",
    "value": "testvalue",
    "maxAge": "60",
    "domain": "",
    "path": "/",
    "useSecureCookie": false,
    "useHttpOnlyCookie": false,
    "sameSite": "LAX"

Reference the script when you create a Configuration Provider node, and set the Node Type to Set Custom Cookie:

Configuration Provider node referencing this node


Product Compatible?

ForgeRock Identity Cloud


ForgeRock Access Management (self-managed)


ForgeRock Identity Platform (self-managed)



This node reads the user data from the shared node state.

It requires a predecessor node that gathers the user data.


Property Usage

Custom Cookie Name (required)

The name of the custom cookie.

The cookie name can contain any US-ASCII characters except for: space, tab, control, or a separator character (()<>@,;:"/[]?=\{}).

Custom Cookie Value (required)

The value of the custom cookie.

Max Age

The length of time the custom cookie remains valid, in seconds. If that time is exceeded, the cookie is no longer valid.

AM sets the Max-Age and Expires attributes in the cookie to increase compatibility with different browsers.

If omitted, the cookie expires at the end of the current session. The precise implementation of this is determined by the specific browser. Refer to RFC 6265 for details.

Custom Cookie Domain

The domain the custom cookie will be sent to. If you specify a value here, AM sets a domain cookie. For example, if you set this property to, AM sets a cookie on Note the leading . indicating a domain cookie rather than a host cookie.

If you don’t set a value here, AM sets a host level cookie on the FQDN on which the client accessed AM. For example, if the client accesses AM at and this property is empty, AM sets a host cookie on

Custom Cookie Path

The path of the custom cookie.

Use Secure Cookie

When enabled, adds the Secure flag to the custom cookie.

If you include the Secure flag, the cookie can only be transferred over HTTPS. When a request is made over HTTP, the cookie isn’t made available to the application.

Use HTTP Only Cookie

When enabled, adds the HttpOnly flag to the custom cookie.

If you include the HttpOnly flag, the cookie isn’t accessible to scripts.

Custom Cookie SameSite attribute

Sets the SameSite attribute of the custom cookie.

The default value is LAX, to align with most modern browsers.

For more information about cookies in AM, refer to SameSite cookie support in AM and IG.


Single outcome path.

The cookie is created when AM next returns to the client.


This example uses this node in a login flow. The node sets the custom cookie in the client browser after the user has successfully authenticated:

The Set Custom Cookie node in context
Copyright © 2010-2024 ForgeRock, all rights reserved.