Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Christophe LIMA (ChristopheL4736)
Capgemini
System Architect
Capgemini
FR
ChristopheL4736 Member since 2019 3 posts
Capgemini
Posted: Jun 7, 2023
Last activity: Oct 16, 2023
Posted: 7 Jun 2023 6:03 EDT
Last activity: 16 Oct 2023 17:09 EDT
Closed

Pega 8.7.4 - Should Pega-Perf Cookie Have Secure and HTTPOnly Attributes ?

We recently discovered that the Pega-Perf do not have the HTTPOnly flags set ( Pega 8.7.4 ) .

Is this expected for this cookie?

Are there any security concerns for this cookie with those flags not being set?

Is there a way to update these flags if there are security concerns?

Any help or clarifications will be appreciated.

Thanks!

***Edited by Moderator: Bhavana S to add capability tags, Product tag and Product version***
To see attachments, please log in.
Pega Platform 8.7.4
Security
Low-Code App Development
Senior System Architect

Posted: 1 year ago
Posted: 16 Oct 2023 17:09 EDT
Michael Darrin (MichaelD1976)
Highmark Blue Cross Blue Shield

Highmark Blue Cross Blue Shield
US

Did anyone ever get an answer for this?  We have the same issue with this cookie, causing a vulnerability scan failure...

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice