Skip to main content

Question

 Eileen Liu (EileenL17386615)
HKEX

HKEX
HK
EileenL17386615 Member since 2025 1 post
HKEX
Posted: Mar 18, 2025
Last activity: Jun 12, 2025
Posted: 18 Mar 2025 3:29 EDT
Last activity: 12 Jun 2025 12:11 EDT

Cookies Not Marked as Secure / Cookies with missing, inconsistent or contradictory properties

I have scanned the system for security vulnerabilities and found the following vulnerabilities that need to be addressed.

  1. Cookies Not Marked as Secure.
  2. Cookies with missing, inconsistent or contradictory properties.

I confirmed my system configuration as follows.

  • \PegaXXX\Tomcat9\conf\web.xml 
    -<session-config>
        <session-timeout>30</session-timeout>
        -<cookie-config>
            <http-only>true</http-only>
            <secure>true</secure>
        </cookie-config>
    </session-config>
  • System Settings

​​system setting

  • \PegaXXX\Tomcat9\conf\context.xml

    <CookieProcessor sameSiteCookies="strict"/>

 

How do I fix these two security vulnerabilities?

***Edited by Moderator Rupashree S. to add Capability tags***
To see attachments, please log in.
Pega Platform '23
Pega Platform
Case Management
Email
Workflow Automation
Security
Financial Services
Customer Service Developer

  • Reply

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice