A pen test showed that the JSESSIONID cookie for the AWI URL, https://automic:8443/awi, does not have the "secure" attribute set.
DE180620 and DE183398
Solution:
Update to a fix version listed below or a newer version if available.
Fix version:
Component(s): AWI
Automation.Engine 24.4.4 HF1 - Available
Automation.Engine 24.4.5 - Planned release June 2026
Automation.Engine 26.1.0 - Planned release June 2026
Note that this fix is a byproduct of DE183398, which has the public description: "A problem has been fixed that avoids inconsistent session cookies." As a consequence, there is no separate public description.
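
To confirm the result after updating, the Set-Cookie headers returned by AWI can be checked for the attribute. The script below is an added example, not Broadcom's code; the function names are hypothetical and the sample headers are constructed rather than captured from an AWI instance.

```python
# Added example: audit Set-Cookie response headers for a session cookie
# that is sent without the Secure attribute. Sample headers are constructed.

def parse_set_cookie(value):
    """Return (cookie_name, set_of_lowercased_attribute_names) for one Set-Cookie value."""
    first, *rest = value.split(";")
    name = first.partition("=")[0].strip()
    # Attribute names are case-insensitive (RFC 6265). Only the attribute name is
    # kept, so a value such as Path=/secure is not mistaken for the Secure flag.
    attrs = {part.partition("=")[0].strip().lower() for part in rest if part.strip()}
    return name, attrs


def session_cookies_missing_secure(set_cookie_values, cookie_name="JSESSIONID"):
    """Return every Set-Cookie value that sets cookie_name without Secure.

    A response may carry several Set-Cookie lines for the same name. Each one
    is checked, because a cookie set without Secure may also be sent over
    plain HTTP.
    """
    missing = []
    for value in set_cookie_values:
        name, attrs = parse_set_cookie(value)
        if name == cookie_name and "secure" not in attrs:
            missing.append(value)
    return missing


# Constructed sample headers (not captured from a real AWI instance).
BEFORE_FIX = [
    "JSESSIONID=node0secure1a2b3c; Path=/awi; HttpOnly",  # "secure" only inside the value
    "JSESSIONID=node0x9y8z7; Path=/secure; HttpOnly",     # "secure" only inside Path
    "LANG=en; Path=/awi",                                 # unrelated cookie, ignored
]
AFTER_FIX = [
    "JSESSIONID=node0x9y8z7; Path=/awi; Secure; HttpOnly",
    "JSESSIONID=node0q1w2e3; Path=/awi; HttpOnly; secure",  # lowercase attribute name
    "LANG=en; Path=/awi",
]

if __name__ == "__main__":
    for label, headers in (("before fix", BEFORE_FIX), ("after fix", AFTER_FIX)):
        bad = session_cookies_missing_secure(headers)
        print(f"{label}: {'FAIL' if bad else 'PASS'}")
        for value in bad:
            print(f"  missing Secure: {value}")
```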