[MGNLPN-250] Visitor cookie - not possible to make HttpOnly or secure Created: 12/Apr/16  Updated: 02/Aug/22  Resolved: 03/Feb/17

Status: Closed
Project: Magnolia Personalization
Component/s: None
Affects Version/s: None
Fix Version/s: 1.4.2

Type: Bug Priority: Neutral
Reporter: Mariusz Chruscielewski Assignee: Maxime Michel
Resolution: Fixed Votes: 1
Labels: support
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
causality
dependency
depends upon MAGNOLIA-6913 Servlets 3.0 upgrade Closed
relation
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Release notes required:
Yes
Documentation update required:
Yes
Date of First Response:
Visible to:
Stef te Winkel
Sprint: Basel 80, Basel 82
Story Points: 5

 Description   

Hi.

Part of personalization module is Visitor Cookie Filter, which creates Cookie that is not secured and not marked as HttpOnly - I think there should be a way to configure that from magnolia configuration - for now we can only override a filter class.



 Comments   
Comment by Philip Mundt [ 17/Jan/17 ]

Make sure the cookie-feature of the travel-demo is not affected by the httpOnly=true setting.

Generated at Mon Feb 12 06:35:48 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.