000029199 - Do FIM cookies support settings secure and httponly attributes ?

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000029199
Applies ToProduct Description: RSA Federated Identity Manager (FIM)  4.2 Service Pack 1 
FIM 4.2.1
IssueCustomer on FIM 4.1 reported the FIM cookie had neither the Secure nor the HTTPOnly flags set. 
ResolutionIn FIM 4.2 SP1 an environmental variable was added to append the secure  attribute to the cookie. 
 It is documented in the install guide.
set JVM_OPTIONS=”-Dfim.securecookie.flag=true”
As of this 4.2 SP1  release there is no feature to support setting the httponly attribute on the FIM cookies