Revision as of 15:14, November 2, 2017 by Xavier (talk | contribs)

Secure Cookies

Web Services uses the secure flag option when sending a new cookie to the user within an HTTP response. The purpose of the secure flag is to prevent cookies from being observed by unauthorized parties due to the transmission of the cookie in clear text.

Enabling the secure flag

Set the cookies option in the jetty section of the application.yaml file on your Web Services nodes (server-settings.yaml if you're installing Web Services and Applications version 8.5.201.09 or earlier). For details, see Configuring Web Services.

 cookies:
    httpOnly: true
    secure: true

Sample Cookie Header when secure flag is not set

Set-Cookie: MyCookieName=The value of my cookie; path=/; HttpOnly

Sample Cookie Header when secure flag is set

Set-Cookie: MyCookieName=The value of my cookie; path=/; secure

When the cookie is declared as secure in the cookies configuration option, the browser will not transmit the cookie over an unencrypted channel.
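One way to confirm the setting took effect is to audit the Set-Cookie headers a node returns. The following is an added example, not part of the Web Services documentation or product; the function names are assumptions, and the inputs are the two sample headers above plus one constructed edge case in which the word "secure" appears only in the cookie name and value.

```python
# Added example: audit Set-Cookie headers for the Secure and HttpOnly attributes.
# Function names are hypothetical; inputs are embedded so the check runs offline.

def cookie_attributes(header):
    """Return (cookie_name, set of lower-cased attribute names) for one header."""
    # Drop an optional "Set-Cookie:" field name; the cookie value may contain ':'.
    field, sep, rest = header.partition(":")
    value = rest if sep and field.strip().lower() == "set-cookie" else header
    parts = value.split(";")
    # The first segment is always name=value. It is never an attribute,
    # even if the name or value contains the word "secure".
    name = parts[0].split("=", 1)[0].strip()
    attrs = set()
    for part in parts[1:]:
        attr_name = part.split("=", 1)[0].strip().lower()
        if attr_name:
            attrs.add(attr_name)
    return name, attrs


def missing_flags(header, required=("secure", "httponly")):
    """List the required attributes that the header does not carry."""
    _, attrs = cookie_attributes(header)
    return [flag for flag in required if flag not in attrs]


SAMPLES = [
    # Page sample: secure flag not set
    "Set-Cookie: MyCookieName=The value of my cookie; path=/; HttpOnly",
    # Page sample: secure flag set
    "Set-Cookie: MyCookieName=The value of my cookie; path=/; secure",
    # Constructed: a naive substring search for "secure" would pass this one
    "Set-Cookie: secure_token=secure; Path=/",
]

if __name__ == "__main__":
    for h in SAMPLES:
        name, _ = cookie_attributes(h)
        gaps = missing_flags(h)
        print(f"{name}: {'OK' if not gaps else 'missing ' + ', '.join(gaps)}")
```

Attribute names are matched case-insensitively and only after the first semicolon, so a cookie whose name or value merely contains "secure" is still reported as missing the flag.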
