Hi Team,
We are planning to switch on the 'Require HTTPOnly Attribute' in Salesforce. We have been told by Salesforce support team that it might affect any custom/packaged application that uses JavaScript to access session ID cookies. It denies the application access to the cookie and the AJAX Toolkit debugging window is not available.
Please let us know if the product 'Marketo Lead Management' by Marketo is using JavaScript to access session ID cookies?
Thanks & Regards,
Rashi Tandon
Salesforce Admin
Hughes Network Systems
Contact: +13016014071
Marketo doesn't use Salesforce session cookies at all.
Marketo's Munchkin library (not installed in SFDC) uses its own cookies, and absolutely uses JS to access them.