IBM Support

Setting the HTTPOnly and Secure Flags on WebSphere Application Server Cookies

Question & Answer


Question

How do I configure the 'HTTPOnly' and 'Secure' flags for cookies managed by WebSphere Application Server traditional?

Answer

The WebSphere product manages several cookies including LtpaToken2, WASReqURL, and JSESSIONID. The following settings can be toggled to set values for the Secure and HTTPOnly flags.
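After changing the settings, the result can be confirmed from the `Set-Cookie` response headers. The following is an added example, not IBM code: it audits the three cookies named above for the Secure and HttpOnly attributes. The function names and the sample headers are assumptions constructed for illustration.

```python
# Cookie names come from the page; everything else here is illustrative.
WAS_COOKIES = {"LtpaToken2", "WASReqURL", "JSESSIONID"}
REQUIRED_FLAGS = ("secure", "httponly")


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, set of lower-cased attribute names)."""
    first, *attrs = header_value.split(";")
    name = first.split("=", 1)[0].strip()
    # Attribute names are case-insensitive; keep only the part before any '='.
    attr_names = {a.split("=", 1)[0].strip().lower() for a in attrs if a.strip()}
    return name, attr_names


def audit_cookies(raw_headers, cookie_names=WAS_COOKIES):
    """Return {cookie name: [missing flags]} for the named cookies seen in raw_headers."""
    findings = {}
    for line in raw_headers.splitlines():
        field, sep, value = line.partition(":")
        if not sep or field.strip().lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if name in cookie_names:
            # Only real attributes count; "secure" inside a cookie value does not.
            findings[name] = [f for f in REQUIRED_FLAGS if f not in attrs]
    return findings


# Constructed sample response headers (not captured from a real server).
SAMPLE_HEADERS = """\
HTTP/1.1 302 Found
Set-Cookie: LtpaToken2=c2VjdXJlPWZha2U; Path=/; Secure; HttpOnly
Set-Cookie: WASReqURL=https:///secure/home; Path=/; HttpOnly
Set-Cookie: JSESSIONID=0000abcDEF:-1; Path=/
Set-Cookie: theme=dark; Path=/
Location: /app/login
"""

if __name__ == "__main__":
    for cookie, missing in audit_cookies(SAMPLE_HEADERS).items():
        status = "OK" if not missing else "missing " + ", ".join(missing)
        print(f"{cookie}: {status}")
```

An empty list for a cookie means both flags are present; cookies the application sets itself (such as `theme` in the sample) are ignored.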

Note: For WebSphere Liberty, review this related document: Setting the HTTPOnly and Secure Flags on WebSphere Liberty Cookies

LtpaToken2 and WASReqURL:

JSESSIONID:


Document Information

Modified date:
08 July 2021

UID

swg21422185