
How to enable http only flag in liferay 6.2 EE

Arun Pandian, modified 8 years ago.

How to enable http only flag in liferay 6.2 EE

New Member Posts: 3 Join Date: 17.06.15
The HttpOnly flag is not enabled for some session values like JSESSIONID and LFR_SESSION_STATE_20159. I want to enable it for JSESSIONID for security purposes. Please help me.
Tomas Polesovsky, modified 8 years ago.

RE: How to enable http only flag in liferay 6.2 EE

Liferay Master Posts: 676 Join Date: 13.02.09
Hi,

JSESSIONID is managed by your application server / servlet container ... Tomcat, JBoss AS, WebLogic, ... You need to configure it there.

LFR_SESSION_STATE cookies should NOT have the HttpOnly flag set; they are used by portal JavaScripts.

So configure only JSESSIONID and then you should be fine.
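
To confirm the result after changing the container configuration, the `Set-Cookie` headers can be audited against the split described in this reply. The script below is an added example, not part of the original posts or Liferay's code; the header values are constructed samples and the verdict names are this example's own.

```python
from dataclasses import dataclass

# Policy from the thread: the container's session cookie must be HttpOnly;
# LFR_SESSION_STATE_* cookies must stay readable by the portal's JavaScript.
MUST_BE_HTTPONLY = ("JSESSIONID",)
MUST_NOT_BE_HTTPONLY_PREFIXES = ("LFR_SESSION_STATE_",)

@dataclass
class Finding:
    cookie: str
    http_only: bool
    verdict: str  # ok | missing-httponly | unexpected-httponly | unclassified

def parse_set_cookie(header_value):
    """Return (name, set of lower-cased attribute names) for one Set-Cookie value."""
    parts = [p.strip() for p in header_value.split(";")]
    name, sep, _value = parts[0].partition("=")
    if not sep or not name.strip():
        raise ValueError("malformed Set-Cookie value: %r" % header_value)
    # Attribute names are case-insensitive, so "HTTPOnly" and "httponly" both count.
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    return name.strip(), attrs

def audit(set_cookie_values):
    """Classify each Set-Cookie value against the policy above."""
    findings = []
    for raw in set_cookie_values:
        name, attrs = parse_set_cookie(raw)
        http_only = "httponly" in attrs
        if name in MUST_BE_HTTPONLY:
            verdict = "ok" if http_only else "missing-httponly"
        elif name.startswith(MUST_NOT_BE_HTTPONLY_PREFIXES):
            verdict = "unexpected-httponly" if http_only else "ok"
        else:
            verdict = "unclassified"  # not covered by the thread; review separately
        findings.append(Finding(name, http_only, verdict))
    return findings

# Constructed sample headers (made-up values): before and after the container change.
BEFORE = ["JSESSIONID=0123456789ABCDEF; Path=/",
          "LFR_SESSION_STATE_20159=1434530000000; Path=/"]
AFTER = ["JSESSIONID=0123456789ABCDEF; Path=/; HttpOnly",
         "LFR_SESSION_STATE_20159=1434530000000; Path=/"]

if __name__ == "__main__":
    for label, headers in (("before", BEFORE), ("after", AFTER)):
        for f in audit(headers):
            print(label, f.cookie, "HttpOnly" if f.http_only else "-", f.verdict)
```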