Hello Team, can someone let me know how to set the saml_request_path cookie as HttpOnly and Secure in AEM? Our website was given for a web scan, and this is the response that we got in the web scan report.
Attack Request:
POST /saml_login HTTP/1.1
Host: <myhost>
Connection: keep-alive
Content-Length: 10825
Cache-Control: max-age=0
Origin: <>
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
...
..
etc
&
Attack Response:
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store, must-revalidate
Keep-Alive: timeout=5, max=100
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://<myapp>.html
Server: XYZ
Set-Cookie: login-token=abcde%3acrx.default; Path=/; HttpOnly; Secure
Set-Cookie: saml_request_path="";Version=1;Path=/;Expires=Tue, 17-Jul-2018 11:08:09 GMT;Max-Age=1
X-Content-Type-Options: nosniff