To set the HTTPOnly and Secure attributes to "true" on the IAC-NonGateway cookie
In order to ensure IAC functionality in a secure environment, the following updates were made: HTTPOnly support has been enabled for prGatewaySESSIONID cookies; encryption and obfuscation have been set up for web nodes; added a check for login-config.xml to add default-users.properties and default-roles.properties to the other application-policy.
There is no current mechanism to accomplish this and setting HTTPOnly to true would render the cookie useless. Does this cookie design was removed in PEGA 7.1.7?
**Moderation Team has archived post**
This post has been archived for educational purposes. Contents and links will no longer be updated. If you have the same/similar question, please write a new post.
Keep up to date on this post and subscribe to comments
- How to turn off IAC-NonGateway cookie at PRPC level
- Security Scan Issue: Cookie does not have HTTPOnly attribute.
- pyCaseAttachmentsWrapper does not show attachment link, case id, attachment category if "Work-.pyIncludeSubCases" set to "true"
- Setting cookies http-only and secure
- sending Email notfication to work group based on when "pyOpAvailable " satatus will chage from "true" to "false"