Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Binita Koley (Binita@JPMC)
Wipro Technologies

Wipro Technologies
IN
Binita@JPMC Member since 2013 4 posts
Wipro Technologies
Posted: Jan 14, 2016
Last activity: Jan 14, 2016
Posted: 14 Jan 2016 4:52 EST
Last activity: 14 Jan 2016 7:37 EST
Closed

To set the HTTPOnly and Secure attributes to "true" on the IAC-NonGateway cookie

In order to ensure IAC functionality in a secure environment, the following updates were made: HTTPOnly support has been enabled for prGatewaySESSIONID cookies; encryption and obfuscation have been set up for web nodes; added a check for login-config.xml to add default-users.properties and default-roles.properties to the other application-policy.

There is no current mechanism to accomplish this and setting HTTPOnly to true would render the cookie useless.  Does this cookie design was removed in PEGA 7.1.7?

To see attachments, please log in.
Pega Customer Service
System Administration
Security

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice