TGC HttpOnly?
12 views
Skip to first unread message
Siim
Oct 4, 2016, 10:29:53 AM10/4/16
to CAS Community
Hi again!
I have deployed CAS 4.2.4 to Tomcat 8.5.5. If I look into Chrome Developer tool, I see that JSESSIONDID has HttpOnly flag, but TGC doesn't have.
Is there any option to set the flag up?
Also in Spring CookieGenerator there is cookiehttpOnly false by default
Also if it changes something somehow, I am running cas on port 8080 as http and behind Apache HTTP proxy running HTTPS.
Siim
I have deployed CAS 4.2.4 to Tomcat 8.5.5. If I look into Chrome Developer tool, I see that JSESSIONDID has HttpOnly flag, but TGC doesn't have.
Is there any option to set the flag up?
Also in Spring CookieGenerator there is cookiehttpOnly false by default
Also if it changes something somehow, I am running cas on port 8080 as http and behind Apache HTTP proxy running HTTPS.
Siim
Reply all
Reply to author
Forward
0 new messages