Session cookies do not have HTTPOnly flag set

  • Document ID:7021130
  • Creation Date:29-Jul-2017
  • Modified Date:16-Aug-2017
    • Micro Focus Products:
      Filr

Environment

Micro Focus Filr 3

Situation

Session cookies (JSESSIONID) are set when accessing Filr via the Web browser. These cookies have the option to enable the HTTPOnly flag which is not enabled.

Resolution

A fix for this issue is available in the Filr 3.2.1 Update. With the fix in place, the session cookie (JSESSIONID) is set with 'Accessible to Script' : No (HttpOnly).