Enhance the CA Single Sign On WebSphere Application Server Agent to allow HTTPONLY cookies

Idea created by Josh Perlmutter on Aug 1, 2016
    Under review
    Score4
    • Joseph_Lutz
    • J_Mattingly
    • Pete_Burant
    • Josh Perlmutter

    In a recent install i found two cookies being set. i opened a case and found the reason is that the ASA does not support HTTPONLY cookies. for a security product not to allow a security setting is shocking. my company mandates use of httponly flag for security. please enhance the WebSphere ASA R12.0 line and later to allow for httponly flag setting