Question
To set the HTTPOnly and Secure attributes to "true" on the IAC-NonGateway cookie
In order to ensure IAC functionality in a secure environment, the following updates were made: HTTPOnly support has been enabled for prGatewaySESSIONID cookies; encryption and obfuscation have been set up for web nodes; added a check for login-config.xml to add default-users.properties and default-roles.properties to the other application-policy.
There is no current mechanism to accomplish this and setting HTTPOnly to true would render the cookie useless. Does this cookie design was removed in PEGA 7.1.7?
Did you set the prconfig settings described here: https://pdn.pega.com/support-articles/how-set-cookies-http-only?