Skip to main content

Question

 Eranda Weerasingha (Eranda10274)
Evonsys (PVT) LTD
Engineer- Technology
Evonsys (PVT) LTD
LK
Eranda10274 Member since 2021 47 posts
Evonsys (PVT) LTD
Posted: 6 days 10 hours ago
Last activity: 6 days 10 hours ago
Posted: 25 Feb 2025 6:00 EST
Last activity: 25 Feb 2025 6:00 EST

How to Enforce Secure Cookies in Pega?

Hi Team,

I’m working on securing cookies in Pega and facing the issue of "Missing Secure Flag". I understand that without the Secure flag, cookies might be transmitted over HTTP instead of HTTPS, making them vulnerable to interception.

Here are the steps I’m considering:

  1. Enable Secure Cookies in DSS (Dynamic System Settings):

    • Owning Ruleset: Pega-Engine
    • Setting Purpose: http/secureCookies
    • Value: true

  2. Update prconfig.xml:

    • Add: <env name="http/secureCookies" value="true" />

After applying these changes, I also plan to verify the cookies in Chrome DevTools to confirm the Secure flag is set.

Has anyone implemented this in their Pega environment? Are there any additional considerations or steps I should take to ensure that the Secure flag is properly enforced?

Thanks in advance for your help!

Eranda.

To see attachments, please log in.
Pega Platform 8.8.5
Pega Platform
Voice AI
Generative AI
Blueprint
Case Management
Email
Telephony
Java and Activities
Cross-Industry
Senior System Architect

  • Reply

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice