nishita_jain Absent Member.
Absent Member.
259 views

Secure Cookies


Hi,
We are using NAM 3.1 SP4 for the first time in our project. Its an
e-comm web based application.
One objective is to ensure the security of all cookies. The guide talks
about various options, I tried and JSESSIONID were secured. Some other
cookies were tagged secure and httponly. Still I can see some cookies
like "CSMSESSIONID" and "LB-APP_Alternate_Proxy" that are not secure.
"APP_Alternate_Proxy" is the name of proxy service that I have
configured to protect my application's URL. After success login I
redirect it to IIS.
Any idea what are these two cookies and how to secure them?
Thanks!!


--
nishita_jain
------------------------------------------------------------------------
nishita_jain's Profile: http://forums.novell.com/member.php?userid=124011
View this thread: http://forums.novell.com/showthread.php?t=453331

0 Likes
1 Reply
Knowledge Partner
Knowledge Partner

Re: Secure Cookies

nishita jain wrote:

>
> Hi,
> We are using NAM 3.1 SP4 for the first time in our project. Its an
> e-comm web based application.
> One objective is to ensure the security of all cookies. The guide
> talks about various options, I tried and JSESSIONID were secured.
> Some other cookies were tagged secure and httponly. Still I can see
> some cookies like "CSMSESSIONID" and "LB-APP_Alternate_Proxy" that
> are not secure. "APP_Alternate_Proxy" is the name of proxy service
> that I have configured to protect my application's URL. After success
> login I redirect it to IIS.
> Any idea what are these two cookies and how to secure them?
> Thanks!!


I dont think NAM will secure any cookies set by the application as that
is the responbility of the application rather than NAM.

--
Cheers,
Edward
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.