Session cookies do not have HTTPOnly flag set

  • 7021130
  • 29-Jul-2017
  • 16-Aug-2017


Micro Focus Filr 3


Session cookies (JSESSIONID) are set when accessing Filr via the Web browser. These cookies have the option to enable the HTTPOnly flag which is not enabled.


A fix for this issue is available in the Filr 3.2.1 Update. With the fix in place, the session cookie (JSESSIONID) is set with 'Accessible to Script' : No (HttpOnly).