disable HTTPOnly flag for session cookie - no authentication protocol
-
Thursday, October 04, 2012 9:54 PM
I'm trying to disable the HTTPOnly flag for a session cookie in TMG 2010. The java applet works fine inside the firewall, but not thru the firewall. The listener authentication method is none an is handled by the Websphere server. When i do a java trace through the ISA server it keeps adding the HTTPOnly flag and the application is not working. I've seen the following articles, but i don't believe they apply as my authentication method is set to none and the TMG server is not load balanced.
http://support.microsoft.com/kb/937185
http://support.microsoft.com/kb/933869
Thank you,
Bryan
All Replies
-
Monday, October 08, 2012 7:20 AMModerator
Hi,
Thank you for the post.
As far as i know, it is possible to deactivate HTTPOnly flag, please read the section of ” Step 7: Disable HTTPONLY flag on ISA” : http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/3ba47668-679b-43bc-8247-09cc7f0ecee2/
Regards,
Nick Gu - MSFT
- Proposed As Answer by Nick Gu - MSFTMicrosoft Contingent Staff, Moderator Thursday, October 18, 2012 1:26 AM
- Marked As Answer by Nick Gu - MSFTMicrosoft Contingent Staff, Moderator Monday, November 12, 2012 2:19 AM
-
Monday, October 08, 2012 6:52 PM
Thanks Nick. I wasn't sure if this was only for Forms Based Authentication only. I did this already and still get the HTTPOnly Flag in the header. I'll give it another try.
Thank you,
Bryan
.png)
