SiteMinder Webagent : (ACO) parameter 'UseHTTPOnlyCookies' to protect against cross site scripting attacks

Article ID: 51256

Updated On: 02-07-2025

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Description:

The Agent Configuration Object (ACO) parameter 'UseHTTPOnlyCookies' helps protect against cross-site scripting attacks by setting the 'HTTP-Only' cookie attribute.

Environment

Release:
Component: SMSUN

Resolution

To help protect against cross-site scripting attacks, you can make the Web Agent set the HTTP-Only attribute on any cookies it creates by using the following parameter: UseHTTPOnlyCookies.

Additional information on protecting data with HTTP-only Cookies can be obtained from the MSDN website at:
http://msdn.microsoft.com/en-us/library/ms533046(VS.85).aspx

The HTTP-Only attribute specifies that a cookie is not accessible through script. To make use of this attribute, set the Agent Configuration Object (ACO) parameter "UseHTTPOnlyCookies" so that the SiteMinder Web Agent creates HTTP-Only cookies. When the value is set to YES, this parameter adds the HTTP-Only flag to all SiteMinder cookies.
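
One way to confirm the setting took effect is to inspect the Set-Cookie headers the agent returns. The following is an added example, not code from this article or from the product. The cookie names (SMSESSION, SMIDENTITY), the "SM" name prefix used to select SiteMinder cookies, and the header lines are assumptions constructed for illustration.

```python
# Added example: audit captured Set-Cookie headers for the HttpOnly attribute.
# Cookie names and header lines below are constructed sample input (assumptions).

def parse_set_cookie(header_value):
    """Return (cookie_name, set_of_lowercased_attribute_names)."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Attributes follow the first name=value pair; their names are
    # case-insensitive, so compare in lowercase. The cookie value is never
    # searched, so a value that merely contains "httponly" does not count.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def cookies_missing_httponly(raw_headers, name_prefix="SM"):
    """List cookies whose name starts with name_prefix and lack HttpOnly."""
    missing = []
    for line in raw_headers.splitlines():
        field, sep, value = line.partition(":")
        if not sep or field.strip().lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if name.startswith(name_prefix) and "httponly" not in attrs:
            missing.append(name)
    return missing


# Constructed response headers: before and after UseHTTPOnlyCookies is YES.
BEFORE = """HTTP/1.1 302 Found
Set-Cookie: SMSESSION=httponlyLookingValue; path=/; domain=.example.com; secure
Set-Cookie: SMIDENTITY=abc123; path=/; domain=.example.com
Set-Cookie: JSESSIONID=zzz; Path=/app
"""
AFTER = """HTTP/1.1 302 Found
Set-Cookie: SMSESSION=httponlyLookingValue; path=/; domain=.example.com; secure; HttpOnly
Set-Cookie: SMIDENTITY=abc123; path=/; domain=.example.com; HTTPONLY
Set-Cookie: JSESSIONID=zzz; Path=/app
"""

if __name__ == "__main__":
    print("before:", cookies_missing_httponly(BEFORE))
    print("after: ", cookies_missing_httponly(AFTER))
```

The JSESSIONID line is not reported because it is set by the application rather than the agent, so its HttpOnly attribute has to be configured separately.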