The portal uses the unique identifier SESSIONID during the login process.
This parameter is transferred in a cookie. The cookie does not use the following attributes:
HttpOnly - prevents JavaScript from reading sensitive data.
Secure - prevents the browser from sending the cookie via HTTP.
To ensure that the unique identifier SESSIONID is both Secure and HttpOnly:
1) Make a backup copy of and then edit this file:
/opt/Deployments/lrs/server/conf/server.xml
2) Change this section:
<Connector port="37080" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="50443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true"
compression="on"
compressableMimeType="text/plain,text/html,text/xml,text/css,text/javascript,application/x-javascript,application/javascript"
/>
to this:
<Connector port="37080" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="50443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true"
compression="on"
compressableMimeType="text/plain,text/html,text/xml,text/css,text/javascript,application/x-javascript,application/javascript"
secure="true"
/>
and save the edited file.
3) Make a backup copy of and then edit this file:
/etc/httpd/conf/httpd.conf
4) Add this line (for example, to the end of the file as a new line):
Header edit Set-Cookie (.*) "$1; HttpOnly"
and save the edited file.
5) Run these commands to put the change into effect:
# /opt/Deployments/lrs/server/bin/catalina.sh stop
# service httpd restart
# /opt/Deployments/lrs/server/bin/catalina.sh start
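To confirm the change after the restart, the check below (an added example, not part of the original article) reads HTTP response headers on stdin and verifies that the SESSIONID cookie carries both attributes. The function names and the sample headers are constructed for illustration.

```shell
#!/bin/sh
# check_cookie_flags NAME: read HTTP response headers on stdin and verify that
# every Set-Cookie header for cookie NAME carries both Secure and HttpOnly.
# Returns 0 = both present, 1 = an attribute is missing, 2 = cookie not seen.
check_cookie_flags() {
    awk -v name="$1" '
    BEGIN { seen = 0; bad = 0 }
    {
        sub(/\r$/, "")                        # headers arrive with CRLF endings
        if (tolower($0) !~ /^set-cookie:/) next
        line = $0
        sub(/^[^:]*:[ \t]*/, "", line)        # drop the "Set-Cookie:" prefix
        n = split(line, part, ";")
        if (index(part[1], name "=") != 1) next   # a different cookie
        seen = 1; secure = 0; httponly = 0
        for (i = 2; i <= n; i++) {            # attributes follow name=value
            attr = tolower(part[i])
            gsub(/^[ \t]+|[ \t]+$/, "", attr)
            if (attr == "secure")   secure = 1
            if (attr == "httponly") httponly = 1
        }
        if (!secure || !httponly) {
            bad = 1
            printf "%s: Secure=%s HttpOnly=%s\n", name, (secure ? "yes" : "NO"), (httponly ? "yes" : "NO")
        }
    }
    END { if (!seen) exit 2; exit bad }
    '
}

# Constructed sample responses: before the change and after it.
sample_before() { printf 'HTTP/1.1 200 OK\r\nSet-Cookie: SESSIONID=CONSTRUCTED0001; Path=/\r\n\r\n'; }
sample_after()  { printf 'HTTP/1.1 200 OK\r\nSet-Cookie: SESSIONID=CONSTRUCTED0001; Path=/; Secure; HttpOnly\r\n\r\n'; }

sample_before | check_cookie_flags SESSIONID || echo "before: exit $?"
sample_after  | check_cookie_flags SESSIONID && echo "after: both attributes set"

# Against a live portal (URL is a placeholder):
#   curl -s -D - -o /dev/null https://PORTAL-HOST/ | check_cookie_flags SESSIONID
```

Attributes are matched as whole `;`-separated tokens, so a cookie value that merely contains the text "httponly" or "secure" is not mistaken for the attribute.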