Posted: 10 Mar 2020 13:50 EDT Last activity: 10 Mar 2020 17:29 EDT
Pega 7.4 - Should Pega-Perf Cookie Have Secure and HTTPOnly Attributes?
I recently discovered the Pega-Perf cookie and noticed that the Secure and HTTPOnly flags are not set for this cookie. Is this expected/correct for this cookie? Are there any security concerns for this cookie with those flags not being set? Is there a way to update these flags if there are security concerns?
Any help or clarifications is appreciated. Thanks!