Secure Cookies

Web Services uses the secure flag option when sending a new cookie to the user within an HTTP Response. The purpose of the secure flag is to prevent cookies from being observed by unauthorized parties due to the transmission of the cookie in clear text.

Enabling the secure flag

Set the cookies option in the jetty section of the application.yaml file on your Web Services nodes. For details, see Configuring Web Services.

 cookies:
    httpOnly: true
    secure: true

Sample Cookie Header when secure flag is not set

Set-Cookie: MyCookieName=The value of my cookie; path=/; HttpOnly

Sample Cookie Header when secure flag is set

Set-Cookie: MyCookieName=The value of my cookie; path=/; HttpOnly; secure

When the cookie is declared as secure in the cookies configuration option, the browser will prevent the transmission of a cookie over an unencrypted channel.
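
To confirm the setting took effect, response headers captured from a Web Services node can be checked for the two attributes. The following is an added example, not part of the original documentation or the product; the function names and the third sample header are constructed for illustration. It parses attributes rather than searching for the substring "secure", which would wrongly pass a cookie whose value happens to contain that word.

```python
# Added example: audit Set-Cookie headers for the Secure and HttpOnly attributes.
# Function names are hypothetical; sample headers are constructed inline.

def parse_set_cookie(header_line):
    """Return (cookie_name, attrs); attrs maps lowercase attribute names to values."""
    # Accept either a full header line or only the header value.
    if header_line.lower().startswith("set-cookie:"):
        header_line = header_line.split(":", 1)[1]
    parts = [p.strip() for p in header_line.split(";")]
    # The first segment is always name=value; everything after it is an attribute.
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive ("secure", "Secure", "SECURE").
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def missing_flags(header_line, required=("secure", "httponly")):
    """Return (cookie_name, list of required attributes absent from the header)."""
    name, attrs = parse_set_cookie(header_line)
    return name, [flag for flag in required if flag not in attrs]


# Constructed sample input: the two headers shown on this page, plus an edge case.
SAMPLE_HEADERS = [
    "Set-Cookie: MyCookieName=The value of my cookie; path=/; HttpOnly",
    "Set-Cookie: MyCookieName=The value of my cookie; path=/; HttpOnly; secure",
    "Set-Cookie: Pref=secure; Path=/",  # "secure" here is the value, not the flag
]

if __name__ == "__main__":
    for line in SAMPLE_HEADERS:
        name, missing = missing_flags(line)
        status = "OK" if not missing else "missing " + ", ".join(missing)
        print(f"{name}: {status}")
```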

This page was last modified on November 30, 2017, at 10:09.