cancel
Showing results for 
Search instead for 
Did you mean: 

Issue with cookies.enable_http_only

Former Member
0 Kudos
125

Hi guys,

System: Sourcing 9.0

I set values of 2 system properties to TRUE, system.security.cookies.enable_http_only and system.security.cookies.enable_secured:

in System -> System Property and reboot system.

After checking configuration with zaproxy (https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project) i still can see that enable.http_only cookie is unsettled:

(Alert "cookie set without secure flag" successfully passed away)


How can I set HTTPOnly flag?


Kind regards,

Ben

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
0 Kudos

I found this useful for me:

and noted, that there was a bug with cookies flags before 9.0 SP19.

Answers (0)