Proxy session cookies store authentication information and other information in the temporary memory that is shared between the browser and the proxy. These cookies are deleted when the browser is closed. However if these cookies are sent through a non-secure channel, hackers might intercept the cookies and impersonate a user on websites. you can use the following configuration options:
You can configure Access Gateway to force the HTTP services to authenticate the cookie set with the keyword secure.
To enable this option, perform the following steps:
On the Home page, click Access Gateways > Edit > Reverse Proxy / Authentication.
Select Enable Secure Cookies.
This option is used to secure a cookie when Access Gateway is placed behind an SSL accelerator, such as the Cisco SSL accelerator, and Access Gateway is configured to communicate by using only HTTP.
Cross-site scripting vulnerabilities in web browsers allow malicious sites to grab cookies from a vulnerable site. Intruders might perform session fixation or impersonate the valid user. You can configure Access Gateway to set its authentication cookie with the HttpOnly keyword to prevent scripts from accessing the cookie.
To enable this option, perform the following steps:
On the Home page, click Access Gateways > Edit > Reverse Proxy / Authentication.
Select Force HTTP-Only Cookies.