Question & Answer
Question
How do I configure the 'HTTPOnly' and 'Secure' flags for cookies managed by WebSphere Application Server traditional?
Answer
The WebSphere product manages several cookies including LtpaToken2, WASReqURL, and JSESSIONID. The following settings can be toggled to set values for the Secure and HTTPOnly flags.
Note: For WebSphere Liberty, review this related document: Setting the HTTPOnly and Secure Flags on WebSphere Liberty Cookies
LtpaToken2 and WASReqURL:
JSESSIONID:
Related Information
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Component":"Security","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"9.0;8.5","Edition":"Base;Network Deployment","Line of Business":{"code":"LOB45","label":"Automation"}}]
Was this topic helpful?
Document Information
Modified date:
08 July 2021
UID
swg21422185