Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Michael Gress (MichaelG7231)
General Motors
Michael Gress
General Motors
US
MichaelG7231 Member since 2019 6 posts
General Motors
Posted: May 4, 2020
Last activity: May 7, 2020
Posted: 4 May 2020 12:24 EDT
Last activity: 7 May 2020 11:20 EDT
Closed
Solved

JSession ID wasn't affected by prconfig changes, does it need something else?

We followed this post about setting the httponly and secure attributes on the session cookies in the prconfig.xml file.  It worked for the Pega-Rules cookie, but it didn't help the Pega-Perf or the JSESSIONID cookies.  This is for Pega 8.4 in Kubernetes.  Is there an additional step that needs to be done for those?

https://community.pega.com/support/support-articles/how-set-cookies-http-only

Thanks, Mike

To see attachments, please log in.
Pega Platform 8.4
Decision Management

Accepted Solution

Posted: 4 years ago
Updated: 4 years ago
Posted: 7 May 2020 11:19 EDT
Updated: 7 May 2020 11:20 EDT
Michael Gress (MichaelG7231)
General Motors
Michael Gress
General Motors
US

We were able to get this by also adding the following to session-config section in the tomcat web.xml

<cookie-config>
<http-only>true</http-only>
<secure>true</secure>
</cookie-config>
To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice