I'm trying to make a test project and have the problem that I can not find the way to apply the httponly flag to a custom session cookie. Has anyone done this before in PASOE?
It is from the ABL where a output parameter is mapped to a custom "session" cookie and I want to apply the httponly flag to it.
I'm currently using OE 11.6.3. I have not seen a option for the REST transport to apply the httponly flag. Security scanners shows a alert if they detect a "session" cookie without the httponly flag. So every transport method should be able to apply e.g. the httponly flag to a cookie.
Could this be a good candidate for the ideas section? If it isn't possible with the REST or SOAP transport.
I've created a support case for the issue with the cookie flags.
I have created an idea in the idea section for it: