setting Secure and HttpOnly flag in Cookie

Avatar

Avatar

satheeshraj

Avatar

satheeshraj

satheeshraj

02-11-2015

Hi,

I have the below requirement could someone provide inputs as what could be done

  • I need to set the secure flag for login-token cookie. Currently "TokenUtil.createCredential()" method is having the argument to set the cookie as HttpOnly.
  • I need the sessionPersistence cookie to be HttpOnly and secure.

Please suggest a way to achieve this in CQ5 version 5.6.1

Thanks,

Satheeshraj V

Accepted Solutions (1)

Accepted Solutions (1)

Answers (4)

Answers (4)

Avatar

Avatar

jamiec4451712

Avatar

jamiec4451712

jamiec4451712

08-06-2020

I know this is an old question, but our team ran into a very similar issue and I posted details of our solution here: https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/aem-session-cookie-with-ht...

Avatar

Avatar

kautuk_sahni

Community Manager

Total Posts

5.6K

Likes

969

Correct Answer

1.1K

Avatar

kautuk_sahni

Community Manager

Total Posts

5.6K

Likes

969

Correct Answer

1.1K
kautuk_sahni
Community Manager

02-11-2015

Hi

Please find below some reference article which could come as a help to you:-

Link:- http://help-forums.adobe.com/content/adobeforums/en/experience-manager-forum/adobe-experience-manage...

// If the request is over https out of the box should be setting the secure flag on all cookies.  In case you are terminating SSL on another layers like lb, dispatcher configure  Felix SSL Filter.   You can also set using api.

 https://docs.oracle.com/javase/7/docs/api/java/net/HttpCookie.html 

 

Link :- http://www.adobe.com/devnet/coldfusion/articles/coldfusion-securing-apps.html

Link :- https://blogs.oracle.com/jluehe/entry/ow_to_configure_the_security

I think this come as a help to you.

 

Thanks and Regards

Kautuk Sahni

Avatar

Avatar

satheeshraj

Avatar

satheeshraj

satheeshraj

02-11-2015

In the above provided link there was no clue to set secure flag for 'login-token' cookie and sessionPersistence cookie.

Avatar

Avatar

smacdonald2008

Total Posts

12.7K

Likes

1.4K

Correct Answer

2.3K

Avatar

smacdonald2008

Total Posts

12.7K

Likes

1.4K

Correct Answer

2.3K
smacdonald2008

02-11-2015