Secure Cookies
Web Services uses the secure flag option when sending a new cookie to the user within an HTTP Response. The purpose of the secure flag is to prevent cookies from being observed by unauthorized parties due to the transmission of a the cookie in clear text.
Enabling the secure flag
Set the cookies option in the jetty section of the application.yaml file on your Web Services nodes. For details, see Configuring Web Services.
cookies:
httpOnly: true
secure: true
Sample Cookie Header when secure flag is not set
Set-Cookie: MyCookieName=The value of my cookie; path=/; HttpOnly
Sample Cookie Header when secure flag is set
Set-Cookie: MyCookieName=The value of my cookie; path=/; HttpOnly; secure
When the cookie is declared as secure in the cookies configuration option, the browser will prevent the transmission of a cookie over an unencrypted channel.
This page was last edited on November 30, 2017, at 18:09.
Comments or questions about this documentation? Contact us for support!