Environment
Situation
Since the release of Internet Explorer 6 SP1, some security enhancements were added to the IE logic to prevent setting of cookies using standard APIs and, more importantly, preventing cross scripting attacks. By implementing the HTTPOnly cookie attribute when setting the session cookie, one can prevent any access to session cookie from within a script.
If the HttpOnly attribute is included in the response header, the cookie is still sent when the user browses to a Web site in the valid domain. The cookie cannot be accessed through a script in Internet Explorer 6 SP1, even by the Web site that set the cookie in the first place. This means that even if a cross-site scripting bug exists, and the user is tricked into clicking a link
that exploits this bug, Windows Internet Explorer does not send the cookie to a third party. The information is safe.
Resolution
The Linux Access Gateway must be restarted in order to get the desired functionality. Use the following command to restart when a touch file is created or removed:
/etc/init.d/novell-vmc stop
/etc/init.d/novell-vmc start