(Created target blank page For Version: HTCC:8.5.2) |
(Update with the copy of version: 8.5.2DRAFT) |
||
| Line 1: | Line 1: | ||
| − | < | + | = Secure Cookies= |
| + | Web Services uses the '''secure''' flag option when sending a new cookie to the user within an HTTP Response. The purpose of the '''secure''' flag is to prevent cookies from being observed by unauthorized parties due to the transmission of a the cookie in clear text. | ||
| + | |||
| + | ==Enabling the '''secure''' flag== | ||
| + | |||
| + | Set the '''cookies''' option in the '''jetty''' section of the '''application.yaml''' file on your Web Services nodes. For details, see [[ConfigurationPremise|Configuring Web Services]]. | ||
| + | <source lang="text"> | ||
| + | cookies: | ||
| + | httpOnly: true | ||
| + | secure: true | ||
| + | </source> | ||
| + | |||
| + | ===Sample Cookie Header when '''secure''' flag is not set=== | ||
| + | <pre>Set-Cookie: MyCookieName=The value of my cookie; path=/; HttpOnly</pre> | ||
| + | |||
| + | ===Sample Cookie Header when '''secure''' flag is set=== | ||
| + | <pre>Set-Cookie: MyCookieName=The value of my cookie; path=/; HttpOnly; secure</pre> | ||
| + | |||
| + | When the cookie is declared as secure in the | ||
| + | [[Documentation:HTCC:Dep:HTCCConfigurationOptionsReference:8.5.2#cookies|cookies]] configuration option, the browser will prevent the transmission of a cookie over an unencrypted channel. | ||
| + | |||
| + | |||
| + | [[Category:V:HTCC:8.5.2]] | ||
Latest revision as of 18:09, November 30, 2017
Secure Cookies
Web Services uses the secure flag option when sending a new cookie to the user within an HTTP Response. The purpose of the secure flag is to prevent cookies from being observed by unauthorized parties due to the transmission of a the cookie in clear text.
Enabling the secure flag
Set the cookies option in the jetty section of the application.yaml file on your Web Services nodes. For details, see Configuring Web Services.
cookies:
httpOnly: true
secure: trueSample Cookie Header when secure flag is not set
Set-Cookie: MyCookieName=The value of my cookie; path=/; HttpOnly
Sample Cookie Header when secure flag is set
Set-Cookie: MyCookieName=The value of my cookie; path=/; HttpOnly; secure
When the cookie is declared as secure in the cookies configuration option, the browser will prevent the transmission of a cookie over an unencrypted channel.
This page was last edited on November 30, 2017, at 18:09.
Comments or questions about this documentation? Contact us for support!