|Applies To||Product Description: RSA Federated Identity Manager (FIM) 4.2 Service Pack 1 |
|Issue||Customer on FIM 4.1 reported the FIM cookie had neither the Secure nor the HTTPOnly flags set.|
|Resolution||In FIM 4.2 SP1 an environmental variable was added to append the secure attribute to the cookie. |
It is documented in the install guide.
As of this 4.2 SP1 release there is no feature to support setting the httponly attribute on the FIM cookies