To set the HTTPOnly and Secure attributes to "true" on the IAC-NonGateway cookie

Question

Replies

434

Views

Binita@JPMC

Member since 2013

4 posts

Wipro Technologies

Posted: January 14, 2016

Last activity: January 14, 2016

Posted: 14 Jan 2016 4:52 EST
Last activity: 14 Jan 2016 7:37 EST

Closed

To set the HTTPOnly and Secure attributes to "true" on the IAC-NonGateway cookie

In order to ensure IAC functionality in a secure environment, the following updates were made: HTTPOnly support has been enabled for prGatewaySESSIONID cookies; encryption and obfuscation have been set up for web nodes; added a check for login-config.xml to add default-users.properties and default-roles.properties to the other application-policy.

There is no current mechanism to accomplish this and setting HTTPOnly to true would render the cookie useless. Does this cookie design was removed in PEGA 7.1.7?

Pega Customer Service

System Administration

Security

Moderation Team has archived post,

This thread is closed to future replies. Content and links will no longer be updated. If you have the same/similar Question, please write a new Question.

Posted: 6 years ago

Posted: 14 Jan 2016 7:37 EST

KevinZheng_GCS

PEGA

replied to Binita@JPMC

Did you set the prconfig settings described here: https://community.pega.com/support/support-articles/how-set-cookies-http-only?

Get Started with Community

Question

To set the HTTPOnly and Secure attributes to "true" on the IAC-NonGateway cookie

About Pegasystems

Question

To set the HTTPOnly and Secure attributes to "true" on the IAC-NonGateway cookie

Related content:

About Pegasystems

We'd prefer it if you saw us at our best.