There are a few ways to create cookies
You can create a cookie at the server or client.
1. An Origin Experiment cookie. Note: SiteSpect manages the cookie expiration date. When in a visit, SiteSpect will maintain this cookie so that it correlates with the visit length. The cookie will be maintained with an expiration that is the same as the visit expiration (default of 30 minutes). All visits will have this cookie present while the Campaign is running.
2. Manually in a header declaration with an Origin Experiment (the HttpOnly flag can also be used)
var minutes = 30, date = new Date();
date.setTime(date.getTime() + (minutes * 60 * 1000));
document.cookie = "myCookie=123; expires=" + date.toUTCString() + "; path=/; Secure; SameSite=Lax;";
Information on the SameSite attribute.
Information on cookies in general