Set-Cookies httponly and secure on Jboss

412 views
Skip to first unread message

Jatin Nayak

unread,
Jan 9, 2012, 11:34:16 AM1/9/12
to atg_...@googlegroups.com
Hi All,

We have a requirement of cookie setting for 'httponly' and 'secure' modes.

Currently our site gives: “Set-Cookie: DYN_USER_ID=443786224; Path=/”  on both HTTP and HTTPS. 

But we need it as:
                         “Set-Cookie: DYN_USER_ID=443786224; Path=/; httponly”     on HTTP 

                          “Set-Cookie: DYN_USER_ID=443786224; Path=/; secure; httponly”     on HTTPS.


Environment Details-
ATG2007.1
JBoss4.0.5

Could anyone please advise how can we do this ?

--
Regards,
Jatin

Jatin Nayak

unread,
Jan 12, 2012, 5:07:26 AM1/12/12
to atg_...@googlegroups.com
Hi All,

I found from ATG docs that we basically get the profile cookie configuration from component /atg/userprofiling/CookieManager.
This sets the values for DYN_USER_ID and DYN_USER_CONFIRM.
Below is an example of this.

"  DYN_USER_ID=447205205; Path=/  DYN_USER_CONFIRM=8925bb5de2964ee9f4f5572c553281a0; Path=/  "

Is there a way if we can customize this component to incorporate the httponly or secure accordingly ?
Could anyone please advise how can we do this ?

Thanks in advance,
Jatin
--
Regards,
Jatin

dhanashree waghmare

unread,
Mar 26, 2021, 1:42:28 PM3/26/21
to ATG_Tech
Did anyone find solution for this issue? We are trying to add samesite=none and secure to ATG OOTB cookies. 

Wilco Boumans

unread,
Mar 27, 2021, 4:02:35 AM3/27/21
to atg_...@googlegroups.com
Hi

We solved it on webserver level by rewriting the cookie there. 

Wilco

Op 26 mrt. 2021 om 18:42 heeft dhanashree waghmare <dhanashre...@bedbath.com> het volgende geschreven:

Did anyone find solution for this issue? We are trying to add samesite=none and secure to ATG OOTB cookies. 
--
--
You received this message because you are subscribed to the Google Groups "ATG_Tech" group.
To post to this group, send email to atg_...@googlegroups.com
To unsubscribe from this group, send email to atg_tech-u...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/atg_tech?hl=en
---
You received this message because you are subscribed to the Google Groups "ATG_Tech" group.
To unsubscribe from this group and stop receiving emails from it, send an email to atg_tech+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/atg_tech/76b5152b-c2af-4e08-9198-c1458d058d6dn%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages