HttpOnly support in ClearQuest Web
Does IBM Rational ClearQuest Web support HttpOnly for enhanced security?
HttpOnly is a security enhancement supported by modern browsers. A cookie flagged HttpOnly cannot be read by client-side script, which reduces the probability of hackers accessing sensitive information stored in cookies or impersonating you through cross-site scripting (XSS) attacks. You can read more about HttpOnly at this site:
HttpOnly is supported in the following versions and in newer versions of WebSphere and ClearQuest.
- WebSphere 220.127.116.11 (ClearQuest 18.104.22.168)
- WebSphere 22.214.171.124 (ClearQuest 126.96.36.199)
- WebSphere 8.0 (ClearQuest 188.8.131.52)
- For WebSphere 8:
To enable HttpOnly on session management cookies (for example, JSESSIONID), connect to your WebSphere administration console and go to:
Application servers > server1 > Session management > Cookies
Select "Set session cookies to HTTPOnly to help prevent cross-site scripting attacks".
- For WebSphere 7 and WebSphere 6.1:
Follow the steps on the link below to set the com.ibm.ws.webcontainer.HTTPOnlyCookies property. It should include JSESSIONID, e.g.
(Note: cookie names specified here are case-insensitive.)
Web container custom properties
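To confirm that either setting took effect, inspect the Set-Cookie headers the server returns. The following is an added example, not IBM's code: it parses Set-Cookie values and reports whether each required cookie carries the HttpOnly attribute. The header strings and the name OTHER_COOKIE are constructed samples, and matching cookie names case-insensitively is an assumption that mirrors the note above.

```python
# Added example: audit Set-Cookie header values for the HttpOnly attribute.
# All header strings below are constructed samples, not ClearQuest Web output.

def parse_set_cookie(header_value):
    """Return (name, value, attribute names in lower case) for one Set-Cookie value."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    # Everything after the first ';' is an attribute. Attribute names are
    # case-insensitive, and HttpOnly is a bare flag with no '=value' part.
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    return name.strip(), value, attrs


def audit_httponly(set_cookie_headers, required=("JSESSIONID",)):
    """Map each required cookie to 'ok', 'missing-httponly' or 'not-set'."""
    result = {name: "not-set" for name in required}
    by_lower = {name.lower(): name for name in required}
    for header in set_cookie_headers:
        name, _, attrs = parse_set_cookie(header)
        key = by_lower.get(name.lower())  # assumption: names compared case-insensitively
        if key is None:
            continue
        if "httponly" not in attrs:
            # One unflagged instance is enough to fail the cookie.
            result[key] = "missing-httponly"
        elif result[key] == "not-set":
            result[key] = "ok"
    return result


# Constructed sample: the cookie VALUE contains the text "HttpOnly", but the
# attribute is absent, so a plain substring search would wrongly pass it.
BEFORE = ["JSESSIONID=0000abcHttpOnlyXYZ:-1; Path=/"]
# Constructed sample: the attribute is present, written in a different case.
AFTER = ["JSESSIONID=0000abcXYZ:-1; Path=/; Secure; HTTPOnly"]

if __name__ == "__main__":
    print("before:", audit_httponly(BEFORE))
    print("after: ", audit_httponly(AFTER))
    print("after: ", audit_httponly(AFTER, required=("jsessionid", "OTHER_COOKIE")))
```

Pass it the Set-Cookie values from a response that starts a session; a result of 'not-set' means that response did not set the cookie, so the check was inconclusive rather than passed.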
More support for:
Web Server (7.1)
Software version: 184.108.40.206, 220.127.116.11
Operating system(s): AIX, HP-UX, Linux, Solaris, Windows
Reference #: 1587440
Modified date: 13 November 2014