How to enable http only flag in liferay 6.2 EE
Arun Pandian, modified 8 years ago.
How to enable http only flag in liferay 6.2 EE
New Member Posts: 3 Join Date: 17.06.15 Recent Posts
The HttpOnly flag is not enabled for some session values like JSESSIONID and LFR_SESSION_STATE_20159. I want to enable it for JSESSIONID for security purposes. Please help me.
Tomas Polesovsky, modified 8 years ago.
RE: How to enable http only flag in liferay 6.2 EE
Liferay Master Posts: 676 Join Date: 13.02.09 Recent Posts
Hi,
JSESSIONID is managed by your application server / servlet container ... Tomcat, JBoss AS, WebLogic, ... You need to configure it there.
LFR_SESSION_STATE cookies should NOT have HttpOnly flag set, they are used by portal JavaScripts.
So configure only JSESSIONID and then you should be fine.
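A check for the outcome described in the reply above, as an added example that is not part of the original posts: it audits `Set-Cookie` response headers so that JSESSIONID must carry HttpOnly while LFR_SESSION_STATE_* cookies must not. The function names and the sample header lines are constructed for illustration.

```python
# Added example: audit Set-Cookie headers against the policy from the reply.
# The header lines below are constructed samples, not captured portal traffic.

BEFORE = [  # container not yet configured
    "Set-Cookie: JSESSIONID=0123456789ABCDEF; Path=/",
    "Set-Cookie: LFR_SESSION_STATE_20159=1434540000000; Path=/",
]
AFTER = [  # HttpOnly enabled for the session cookie in the servlet container
    "Set-Cookie: JSESSIONID=0123456789ABCDEF; Path=/; HttpOnly",
    "Set-Cookie: LFR_SESSION_STATE_20159=1434540000000; Path=/",
]
OVER_HARDENED = [  # HttpOnly forced onto every cookie, e.g. by a proxy rewrite
    "Set-Cookie: JSESSIONID=0123456789ABCDEF; Path=/; httponly",
    "Set-Cookie: LFR_SESSION_STATE_20159=1434540000000; Path=/; HttpOnly",
]


def parse_set_cookie(line):
    """Return (cookie name, set of lowercased attribute names) for one header."""
    if line.lower().startswith("set-cookie:"):
        line = line.split(":", 1)[1]
    parts = [p.strip() for p in line.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0].strip()
    # Attribute names are case-insensitive; flags such as HttpOnly have no value.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
    return name, attrs


def audit(header_lines):
    """Return a list of (cookie name, problem) tuples; empty means compliant."""
    findings = []
    for line in header_lines:
        name, attrs = parse_set_cookie(line)
        http_only = "httponly" in attrs
        if name == "JSESSIONID" and not http_only:
            findings.append((name, "missing HttpOnly"))
        elif name.startswith("LFR_SESSION_STATE_") and http_only:
            findings.append((name, "HttpOnly set, portal JavaScript cannot read it"))
    return findings


if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER),
                          ("over-hardened", OVER_HARDENED)):
        print(label, audit(sample) or "OK")
```
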