By default, the Identity Server and ESP cluster cookies are not set with the Secure or HTTPOnly flags.
To enable the Secure or HTTPOnly flag on these cookies, perform the following steps:
1. On the Home page, click Identity Servers > [cluster name] > Configuration > Properties.
2. Click the Plus icon and set the following properties:

   | Property Type | Property Value |
   |---|---|
   | SECURE CLUSTER COOKIE | true |
   | HTTP ONLY CLUSTER | true |

3. Click Save.
4. Restart Tomcat.
NOTE: Secure cookies cannot be configured for the ESP cluster because the communication between Access Gateway and NESP is over HTTP on the loopback interface.
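
To confirm the change after the restart, the response headers can be checked for the flags. The following is an added example, not part of the product or its documentation: it audits captured `Set-Cookie` headers for the Secure and HttpOnly attributes. The cookie names and header captures are constructed placeholders, and checking the ESP cookie for HttpOnly only is an assumption based on the note above.

```python
# Added example: audit Set-Cookie headers for the Secure and HttpOnly attributes.
# Cookie names and captured headers below are constructed placeholders.

def parse_set_cookie(header_value):
    """Return (cookie name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Only attribute names after the first ';' are compared, so a cookie value
    # or Path that merely contains the text "secure" is not counted as the flag.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs

def audit_headers(raw_headers, expect_secure=True, expect_httponly=True):
    """Map each cookie name to the list of expected flags it lacks."""
    findings = {}
    for line in raw_headers.splitlines():
        field, sep, value = line.partition(":")
        # Header field names are case-insensitive; skip everything else.
        if not sep or field.strip().lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        missing = []
        if expect_secure and "secure" not in attrs:
            missing.append("Secure")
        if expect_httponly and "httponly" not in attrs:
            missing.append("HttpOnly")
        findings[name] = missing
    return findings

# Constructed captures: default behaviour, after both properties are set to
# true, and an ESP response carried over HTTP on the loopback interface.
BEFORE = ("HTTP/1.1 200 OK\n"
          "Set-Cookie: IDP_CLUSTER_COOKIE=~secure-node-1; Path=/nidp\n"
          "Content-Type: text/html\n")
AFTER = ("HTTP/1.1 200 OK\n"
         "set-cookie: IDP_CLUSTER_COOKIE=~secure-node-1; Path=/nidp; Secure; HttpOnly\n")
ESP = ("HTTP/1.1 200 OK\n"
       "Set-Cookie: ESP_CLUSTER_COOKIE=~node-2; Path=/nesp; HttpOnly\n")

if __name__ == "__main__":
    print("before:", audit_headers(BEFORE))
    print("after: ", audit_headers(AFTER))
    # Secure is not expected on the ESP cookie (assumption from the note).
    print("esp:   ", audit_headers(ESP, expect_secure=False))
```

An empty list for a cookie means every expected flag is present.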