There are a few ways to create cookies
You can create a cookie at the server or client.
1. An Origin Experiment cookie (SiteSpect manages the cookie including expiring it with the Campaign)
2. Manually in a header declaration with an Origin Experiment
var minutes = 30, date = new Date();
date.setTime(date.getTime() + (minutes * 60 * 1000));
document.cookie = "myCookie=123; expires=" + date.toUTCString() + "; path=/; Secure; SameSite=Lax; HttpOnly";
Information on the SameSite attribute.
Information on cookies in general