There are a few ways to create cookies
You can create a cookie at the server or client.
1. An Origin Experiment cookie (SiteSpect manages the cookie including expiring it with the Campaign)
2. Manually in a header declaration with an Origin Experiment
3. With JavaScript (will not be seen by the server until the next page request). A script like this code would be added into a page with a search and replace Variation.
var minutes = 30, date = new Date();
date.setTime(date.getTime() + (minutes * 60 * 1000));
document.cookie = "myCookie=123; expires=" + date.toUTCString() + "; path=/; Secure; SameSite=Lax; HttpOnly";
Information on the SameSite attribute.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
Information on cookies in general
https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies