Can SiteMinder session cookies be configured to be issued with the Secure flag?


Article ID: 14693


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), CA Single Sign-On


Can SiteMinder session cookies be configured with the Secure flag? If yes, how can we do it?


Release: ESPSTM99000-12.51-Single Sign On-Extended Support Plus


Use the UseSecureCookies Agent Configuration Object (ACO) parameter to have the SiteMinder Web Agent create secure cookies, which are sent between a protected web server and the browser only over secure (HTTPS) connections. When the value is set to YES, this parameter adds the Secure flag to SiteMinder session cookies.

When this setting is enabled, users in Single Sign-On environments who move from an SSL web server to a non-SSL web server will have to re-authenticate. Secure cookies cannot be passed over traditional HTTP connections.
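One way to verify the setting from captured response headers, as an added example that is not part of the original article or the vendor's code. It assumes the session cookie uses the default name SMSESSION (the article does not name it); the URLs and cookie values are constructed samples.

```python
from urllib.parse import urlsplit

# Assumption: default SiteMinder session cookie name; adjust for your deployment.
SESSION_COOKIES = ("SMSESSION",)


def parse_set_cookie(header):
    """Return (cookie name, set of lowercase attribute names) for one Set-Cookie value."""
    first, *attrs = header.split(";")
    name = first.partition("=")[0].strip()
    flags = {a.partition("=")[0].strip().lower() for a in attrs if a.strip()}
    return name, flags


def audit(responses, names=SESSION_COOKIES):
    """responses: iterable of (url, [Set-Cookie header values]).

    Returns (url, cookie, finding) tuples for session cookies issued without
    the Secure flag, and for Secure cookies issued by non-HTTPS hosts, where
    the browser will not send them back and users must re-authenticate.
    """
    findings = []
    for url, headers in responses:
        scheme = urlsplit(url).scheme.lower()
        for header in headers:
            name, flags = parse_set_cookie(header)
            if name not in names:
                continue
            if "secure" not in flags:
                findings.append((url, name, "missing Secure flag"))
            elif scheme != "https":
                findings.append((url, name, "non-HTTPS host: Secure cookie is not "
                                            "sent over HTTP, users re-authenticate"))
    return findings


# Constructed sample: one correct agent, one without UseSecureCookies, one HTTP host.
SAMPLE = [
    ("https://app1.example.com/", ["SMSESSION=AbC+/dEf==; Path=/; Domain=.example.com; Secure; HttpOnly"]),
    ("https://app2.example.com/", ["SMSESSION=AbC+/dEf==; path=/; domain=.example.com", "theme=dark; Path=/"]),
    ("http://legacy.example.com/", ["SMSESSION=AbC+/dEf==; Path=/; Domain=.example.com; secure"]),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```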

Additional Information

More information: Set Secure Cookies