Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Satyam Agarwal (SatyamA4)
Sopra Steria

Sopra Steria
IN
SatyamA4 Member since 2020 1 post
Sopra Steria
Posted: Jun 10, 2022
Last activity: Jun 10, 2022
Posted: 10 Jun 2022 1:42 EDT
Last activity: 10 Jun 2022 4:22 EDT
Closed

Set HttpOnly security flags on session cookies

Hello, I found out this article: https://docs-previous.pega.com/security/86/understanding-dynamic-system-settings Where we are setting HttpOnly security flags on session cookies by using DSS prconfig/Cookie/HTTPOnly/default  to true in Pega V8.6 but when I am checking without DSS, I can see that this cookie is already setting to true even without DSS. Does anyone has any idea how it's setting to true by default and how can we test this?

***Edited by Moderator: Pooja Gadige to add capability tag***
To see attachments, please log in.
Pega Platform 8.6.3
Security
System Architect

Posted: 2 years ago
Posted: 10 Jun 2022 4:22 EDT
Manjunatha Chakresha Rao (ManjunathaC)
UnitedHealth Group Incorporated
Manjunatha Chakresha Rao
UnitedHealth Group Incorporated
IN

@SatyamA4 You can look for it on  prconfig.xml. Here default value is true, so it is set true on prconfig.xml. With the DSS you can over write.(needs restart)

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice