Optional: Improving security for session cookies

You can improve security for session cookies by providing an override setting for your container configuration.

About this task

This optional update applies to the following containers:
  • Content Platform Engine
  • Content Management Interoperability Services
  • GraphQL

However, some Content Platform Engine features are affected by this setting. Please review the following information before you change this setting:

Applets
The cookieHttpOnly="true" setting can cause applets hosted by the Content Platform Engine to fail. If you plan to use applets, remove this entry from the XML file, or use the HTML-based solution instead, such as the HTML step processor.

Procedure

Improve security for session cookies by adding httpSession configuration to your overrides directory.
In the overrides directory, create an XML file (for example, zHTTPsession.xml) with the following content:
<server>
   <httpSession
    cookieName="JSESSIONID"
    cookieSecure="true"
    cookieHttpOnly="true"
    cookiePath="/"
   >
   </httpSession>
</server>
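
Before you deploy the override file, you can check it against the settings described above. The following Python script is an added example, not part of the product: the function name audit_http_session and its applets_in_use parameter are hypothetical, and both sample files are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs (not taken from a real deployment).
HARDENED = """<server>
   <httpSession cookieName="JSESSIONID" cookieSecure="true"
                cookieHttpOnly="true" cookiePath="/"/>
</server>"""
WEAK = """<server>
   <httpSession cookieName="JSESSIONID" cookieSecure="false" cookiePath="/"/>
</server>"""


def audit_http_session(xml_text, applets_in_use=False):
    """Return a list of findings for the httpSession element of an override file."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != "server":
        return [f"root element is <{root.tag}>, expected <server>"]
    sessions = root.findall("httpSession")
    if len(sessions) != 1:
        return [f"expected exactly one <httpSession>, found {len(sessions)}"]
    attrs = sessions[0].attrib
    findings = []
    # cookieSecure="true" keeps the session cookie off plain-HTTP requests.
    if attrs.get("cookieSecure") != "true":
        findings.append('cookieSecure is not set to "true" in this file')
    http_only = attrs.get("cookieHttpOnly")
    if applets_in_use:
        # Per the Applets note: the entry must be removed when applets are used.
        if http_only == "true":
            findings.append('cookieHttpOnly="true" is set but applets are in use: remove the entry')
    elif http_only != "true":
        findings.append('cookieHttpOnly is not set to "true" in this file')
    return findings


if __name__ == "__main__":
    for name, text in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit_http_session(text) or "ok")
```
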