(→Enabling the secure flag) |
|||
Line 4: | Line 4: | ||
==Enabling the '''secure''' flag== | ==Enabling the '''secure''' flag== | ||
− | Set the '''cookies''' option in the '''jetty''' section of the '''application.yaml''' file on your Web Services nodes | + | Set the '''cookies''' option in the '''jetty''' section of the '''application.yaml''' file on your Web Services nodes. For details, see [[ConfigurationPremise|Configuring Web Services]]. |
<source lang="text"> | <source lang="text"> | ||
cookies: | cookies: | ||
Line 15: | Line 15: | ||
===Sample Cookie Header when '''secure''' flag is set=== | ===Sample Cookie Header when '''secure''' flag is set=== | ||
− | <pre>Set-Cookie: MyCookieName=The value of my cookie; path=/; secure</pre> | + | <pre>Set-Cookie: MyCookieName=The value of my cookie; path=/; HttpOnly; secure</pre> |
When the cookie is declared as secure in the | When the cookie is declared as secure in the |
Latest revision as of 12:16, November 10, 2017
Secure Cookies
Web Services uses the secure flag option when sending a new cookie to the user within an HTTP response. The purpose of the secure flag is to prevent cookies from being observed by unauthorized parties due to the transmission of the cookie in clear text.
Enabling the secure flag
Set the cookies option in the jetty section of the application.yaml file on your Web Services nodes. For details, see Configuring Web Services.
cookies:
  httpOnly: true
  secure: true
Sample Cookie Header when secure flag is not set
Set-Cookie: MyCookieName=The value of my cookie; path=/; HttpOnly
Sample Cookie Header when secure flag is set
Set-Cookie: MyCookieName=The value of my cookie; path=/; HttpOnly; secure
When the cookie is declared as secure in the cookies configuration option, the browser will prevent the transmission of a cookie over an unencrypted channel.
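To confirm that the setting has taken effect, the Set-Cookie headers returned by a Web Services node can be checked for both flags. The following Python code is an added example, not part of the original documentation or the product; the function names and the REQUIRED tuple are assumptions, and the inputs are the two sample headers shown above.

```python
# Added example: check Set-Cookie headers for the secure and HttpOnly flags.
# Function names and the REQUIRED tuple are assumptions, not product code.
REQUIRED = ("secure", "httponly")

# The two sample headers shown on this page.
SAMPLES = [
    "Set-Cookie: MyCookieName=The value of my cookie; path=/; HttpOnly",
    "Set-Cookie: MyCookieName=The value of my cookie; path=/; HttpOnly; secure",
]


def parse_set_cookie(header_line):
    """Split one Set-Cookie header line into (name, value, attributes)."""
    field, _, rest = header_line.partition(":")
    if field.strip().lower() != "set-cookie":
        raise ValueError("not a Set-Cookie header: %r" % header_line)
    parts = [p.strip() for p in rest.split(";")]
    name, sep, value = parts[0].partition("=")
    if not sep or not name.strip():
        raise ValueError("missing name=value pair: %r" % header_line)
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            # Attribute names are case-insensitive, so normalise to lowercase.
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def missing_flags(header_line, required=REQUIRED):
    """Return the required flags that are absent from the header."""
    _, _, attrs = parse_set_cookie(header_line)
    return [flag for flag in required if flag not in attrs]


def audit(header_lines):
    """Return (cookie name, missing flags) for each header that fails."""
    findings = []
    for line in header_lines:
        missing = missing_flags(line)
        if missing:
            findings.append((parse_set_cookie(line)[0], missing))
    return findings


if __name__ == "__main__":
    for name, missing in audit(SAMPLES):
        print("%s is missing: %s" % (name, ", ".join(missing)))
```

Run against the two samples, only the first header is reported, because it lacks the secure flag.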
This page was last edited on November 10, 2017, at 12:16.