Posted: 14 Jan 2016 4:52 EST Last activity: 14 Jan 2016 7:37 EST
To set the HTTPOnly and Secure attributes to "true" on the IAC-NonGateway cookie
In order to ensure IAC functionality in a secure environment, the following updates were made: HTTPOnly support has been enabled for prGatewaySESSIONID cookies; encryption and obfuscation have been set up for web nodes; added a check for login-config.xml to add default-users.properties and default-roles.properties to the other application-policy.
There is no current mechanism to accomplish this and setting HTTPOnly to true would render the cookie useless. Does this cookie design was removed in PEGA 7.1.7?