Question

1
Replies
366
Views
Close popover
Binita Koley (Binita@JPMC)
Wipro Technologies

Wipro Technologies
IN
Binita@JPMC Member since 2013 4 posts
Wipro Technologies
Posted: January 14, 2016
Last activity: January 14, 2016
Closed

To set the HTTPOnly and Secure attributes to "true" on the IAC-NonGateway cookie

In order to ensure IAC functionality in a secure environment, the following updates were made: HTTPOnly support has been enabled for prGatewaySESSIONID cookies; encryption and obfuscation have been set up for web nodes; added a check for login-config.xml to add default-users.properties and default-roles.properties to the other application-policy.

There is no current mechanism to accomplish this and setting HTTPOnly to true would render the cookie useless.  Does this cookie design was removed in PEGA 7.1.7?

Pega Customer Service System Administration Security
Moderation Team has archived post