Hi,

I am using AG 3.2 SP2 IR2 version. Requirement is to set request cookies
(i.e JSESSIONID,.. etc) secure and httponly.
I am able to mark these cookies secure and httponly in response but
unable to do that in request.
scenario is:
open fresh browser : when first request comes there is no request
cookies.
when second request comes there are multiple cookies (i.e. JSESSIONID,
ZNPC...,IPCZ..) in request and none of secured and httponly. Now here i
wanted to make them secure and httponly when second request comes in.

but when response comes for the request these cookies marked as secured
and httponly.

I tried multiple options:
1.To enable this option:In the Administration Console, click
Devices>Access Gateways>Edit>Reverse Proxy /Authentication
Enable the Force HTTP-Only Cookies option, then click OK
Update the Access Gateway

2. In the Administration Console, click Devices>Access
Gateways>Edit>Reverse Proxy /Authentication
Enable Secure Cookies and Httponly.

3.
Add the following parameters in web.xml after the ldapLoadThreshold
context param :
<context-param>
<param-name>secureClusterCookie</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>httponlyClusterCookie</param-name>
<param-value>true</param-value>
</context-param>

To set the cluster cookies in ESP, you must add the following parameter
in the NESP web.xml and restart Tomcat:
Add the following parameters in the web.xml below the ldapLoadThreshold
context param :
<context-param>
<param-name>httponlyClusterCookie</param-name>
<param-value>true</param-value>
</context-param>


But nothing worked for me.

Please suggest where can we create secure request cookies or not in
NAM.

Thanks,
Vaibhav


--
vaibhavkhare
------------------------------------------------------------------------
vaibhavkhare's Profile: https://forums.netiq.com/member.php?userid=5266
View this thread: https://forums.netiq.com/showthread.php?t=52188