Comments (2)
  • Add a Comment
  • Edit
  • More Actions v
  • Quarantine this Entry

1 Trisplika commented Permalink

Hi Jon,

Great article in setting up the HTTPOnly config unfortunately we cannot make it work.
We've added the property and put the value equal to asterisk (*) but still our cookies weren't set to HTTPonly. We're actually using a customized IBM Websphere delivered to our PeopleSoft App server. Is there anything else we could check? I've tried checking with PeopleSoft knowledge base and IBM knowledge base but I cannot find any article related to this.
By the way, I'm using both the Firefox Firebug and the debugging tool in Chrome.
Thanks in advance.

2 JohnPape commented Permalink

Hi Dean,

You don't mention what version of WebSphere you're using but I'll just point out again that this property should work for WAS v7.0.0.9+ and v6.1.0.31+ so make sure you're at or beyond one of those levels. Next, I'd confirm that you sync'd your nodes after you made the change if you're in a network deployment topology. You'd also need to restart the server post change. If you're still not seeing the value reflected in your cookies, your best course of action would be to open a service request with IBM Support @