JSession ID wasn't affected by prconfig changes, does it need something else?
We followed this post about setting the httponly and secure attributes on the session cookies in the prconfig.xml file. It worked for the Pega-Rules cookie, but it didn't help the Pega-Perf or the JSESSIONID cookies. This is for Pega 8.4 in Kubernetes. Is there an additional step that needs to be done for those?