Binita@JPMC Member since 2013 4 posts
Wipro Technologies
Posted: 4 years ago
Last activity: 4 years 8 months ago
Closed

To set the HTTPOnly and Secure attributes to "true" on the IAC-NonGateway cookie

In order to ensure IAC functionality in a secure environment, the following updates were made: HTTPOnly support has been enabled for prGatewaySESSIONID cookies; encryption and obfuscation have been set up for web nodes; added a check for login-config.xml to add default-users.properties and default-roles.properties to the other application-policy.

There is no current mechanism to accomplish this, and setting HTTPOnly to true would render the cookie useless. Was this cookie design removed in PEGA 7.1.7?

Pega Customer Service System Administration Security
Moderation Team has archived post