Tuesday, July 25, 2017

OAAM Tips: Enable Secure and HttpOnly on all OAAM cookies

Two properties control whether OAAM cookies are marked Secure and HttpOnly.

  1. "oaam.cookies.secure" property can be "true" or "false". By default the property value is always "false". If all OAAM cookies need to be secure, set this property to "true".
  2. "oaam.cookies.httponly" property is "true" by default.
It's always good practice to have both set to "true": the Secure flag prevents the cookie from being sent over the network in clear text, and the HttpOnly flag keeps the cookie out of reach of client-side script.

Siva Pokuri.
