There are two properties to set OAAM cookies Secure and HTTPOnly.
- "oaam.cookies.secure" property can be "true" or "false". By default property value always "false". If all OAAM cookies needed to be secure make this property "true".
- "oaam.cookies.httponly" property is "true" by default.
It's always good practice to have both true as it prevents sending the cookie over the network in clear text.
Thanks
Siva Pokuri.
No comments:
Post a Comment