search cancel

Identity Portal unsecure session cookie being seen - Secure Flag not Set on Session Cookie

book

Article ID: 229797

calendar_today

Updated On:

Products

CA Identity Suite CA Identity Portal

Issue/Introduction

Secure Flag not Set on Session Cookie 

-              Cookie flags can be checked/validated in Chrome’s Dev Tools

-              The screen found in the example can be reached by opening Chrome’s DevTools (Option+CMD+J for Mac or Shift+Ctrl+J for Windows/Linux)

-              Navigate to the “Application” tab and click on “Cookies”

Environment

Release : 14.3, VApp 14.3 CP2

Component : CA IDENTITY SUITE (VIRTUAL APPLIANCE)

Resolution

Secure cookie is available in Identity Portal.  This is not set by default. Once set, a restart of IP is requested. Please see the below.

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/identity-suite/14-3/virtual-appliance/administering-virtual-appliance.html

"Note 2: In Identity Portal, the cookie is by default set to HttpOnly. You can set to secure by inserting the value true in /opt/CA/VirtualAppliance/custom/IdentityPortal/secure-cookie and then restarting Identity Portal."