By default, the Identity Server and ESP cluster cookies do not have the Secure or HTTPOnly flag set.
To enable the Secure or HTTPOnly flag on the cluster cookie, perform the following steps:
Click Devices > Identity Servers > Edit > Options > New.
Specify the following details:
| Property Type | Property Value |
|---|---|
| SECURE CLUSTER COOKIE | Select true. |
| HTTP ONLY CLUSTER | Select true. |
Click OK.
Restart Tomcat.
NOTE: Secure cookies cannot be configured for the ESP cluster because the communication between Access Gateway and NESP is over HTTP on the loopback interface.
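
To confirm the setting after the restart, inspect the Set-Cookie headers the server returns. The following Python check is an added example, not part of the product documentation: the cookie names and header lines are constructed placeholders, and `parse_set_cookie` and `audit_cookie` are hypothetical helpers. The ESP sample is checked for HttpOnly only, in line with the note above.

```python
# Added example: audit Set-Cookie headers for the Secure and HttpOnly attributes.
# Cookie names and header lines are constructed placeholders, not product values.

def parse_set_cookie(line):
    """Split one Set-Cookie line into (name, value, attributes)."""
    # Accept either the bare header value or a raw "Set-Cookie: ..." line.
    if line.lower().startswith("set-cookie:"):
        line = line.split(":", 1)[1]
    parts = [p.strip() for p in line.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            # Attribute names are case-insensitive (Secure, secure, HTTPOnly ...).
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_cookie(line, require_secure=True, require_httponly=True):
    """Return the required flags that are missing from one Set-Cookie line."""
    _, _, attrs = parse_set_cookie(line)
    missing = []
    if require_secure and "secure" not in attrs:
        missing.append("Secure")
    if require_httponly and "httponly" not in attrs:
        missing.append("HttpOnly")
    return missing


# Constructed samples. The value and path contain the word "secure" on purpose:
# a plain substring search would wrongly report the flag as present.
DEFAULT_COOKIE = "Set-Cookie: CLUSTER_COOKIE_PLACEHOLDER=node-secure-01; Path=/secure"
HARDENED_COOKIE = ("Set-Cookie: CLUSTER_COOKIE_PLACEHOLDER=node-secure-01; "
                   "Path=/secure; Secure; HttpOnly")
ESP_COOKIE = "Set-Cookie: ESP_COOKIE_PLACEHOLDER=abc123; Path=/; HTTPOnly"

if __name__ == "__main__":
    print("default :", audit_cookie(DEFAULT_COOKIE))
    print("hardened:", audit_cookie(HARDENED_COOKIE))
    # Secure is not expected on the ESP cluster cookie, so only HttpOnly is required.
    print("esp     :", audit_cookie(ESP_COOKIE, require_secure=False))
```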