Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to set HTTPOnly attribute on cookies

tim_alsop
Active Contributor

‎06-10-2016 2:20 PM

0 Kudos

Hi


We know that cookies created by SAP software can have HTTPOnly attribute set using the icf/set_HTTPonly_flag_on_cookies profile parameter.


However, we want to set HTTPOnly flag on the cookies we create in our software, but the SET_COOKIE() method doesn't have any parameters to set HTTPonly attribute. Can anyone suggest the best way to set HTTPOnly attribute on a cookie programatically?

Thanks

Tim

2 REPLIES 2

mvoros
Active Contributor

‎06-10-2016 6:08 PM

0 Kudos

Hi,

I haven't tested this but based on this

http://help.sap.com/saphelp_nw70ehp2/helpdata/en/BB/1BCF2122FD4A76948816B1342F20D7/frameset.htm

you should be able to force HTTP only flag on all cookies using icf/set_HTTPonly_flag_on_cookies.

Cheers

tim_alsop
Active Contributor
In response to mvoros

‎06-12-2016 10:43 AM

0 Kudos

We found that setting icf/set_HTTPonly_flag_on_cookies works for cookies created by SAP NetWeaver ICF code, but if our code is calling set_cookie() to set a cookie, then the HTTPOnly flag is not set.