setting Secure and HttpOnly flag in Cookie | Community
Skip to main content
S
satheeshraj
November 2, 2015
Solved

setting Secure and HttpOnly flag in Cookie

  • November 2, 2015
  • 5 replies
  • 8099 views

Hi,

I have the below requirement could someone provide inputs as what could be done

  • I need to set the secure flag for login-token cookie. Currently "TokenUtil.createCredential()" method is having the argument to set the cookie as HttpOnly.
  • I need the sessionPersistence cookie to be HttpOnly and secure.

Please suggest a way to achieve this in CQ5 version 5.6.1

Thanks,

Satheeshraj V

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

5 replies

smacdonald2008
smacdonald2008
November 2, 2015

Here is an older thread that talks about similar ( HTTPOnly and SECURE FLAG for session cookies):

https://forums.adobe.com/thread/1562784

S
satheeshrajAuthor
November 2, 2015

In the above provided link there was no clue to set secure flag for 'login-token' cookie and sessionPersistence cookie.

kautuk_sahni
Community Manager
kautuk_sahniCommunity Manager
Community Manager
November 2, 2015

Hi

Please find below some reference article which could come as a help to you:-

Link:- http://help-forums.adobe.com/content/adobeforums/en/experience-manager-forum/adobe-experience-manager.topic.html/forum__x8or-hello_is_itposs.html

// If the request is over https out of the box should be setting the secure flag on all cookies.  In case you are terminating SSL on another layers like lb, dispatcher configure  Felix SSL Filter.   You can also set using api.

 https://docs.oracle.com/javase/7/docs/api/java/net/HttpCookie.html 

 

Link :- http://www.adobe.com/devnet/coldfusion/articles/coldfusion-securing-apps.html

Link :- https://blogs.oracle.com/jluehe/entry/ow_to_configure_the_security

I think this come as a help to you.

 

Thanks and Regards

Kautuk Sahni

Kautuk Sahni
Sham_HC
Sham_HCAccepted solution
November 2, 2015

enable aem with ssl. https://docs.adobe.com/docs/en/cq/5-6-1/deploying/config-ssl.html

J
jamiec4451712
June 8, 2020

I know this is an old question, but our team ran into a very similar issue and I posted details of our solution here: https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/aem-session-cookie-with-httponly-and-secure-flag/qaq-p/206712/comment-id/75793#M75793

    kautuk_sahni
    Community Manager
    kautuk_sahniCommunity Manager
    Community Manager
    June 9, 2020
    Nice Reply.
    Kautuk Sahni
    Terms & ConditionsAccessibility statement

    Loading footer...