Avaya Support Forums


mbeadl 05-08-2012 07:58 AM

AVG SSL Accelerator and HTTPOnly cookie flag
Our SSL appliance seems to be stripping the HTTPOnly flag from the cookie sent from the server. I see it on the unencrypted side but then the flag is not present on the client workstation browsing the site. It is working with an AAS 2424.

Has anyone been able to make this work and was there a specific setting that needed to be set on the accelerator?


rshaynes 05-31-2012 08:59 AM

The VPN Gateway SSL acceleration mode currently does not support adding the httponly flag on client-side connections and will remove (strip) any httponly flag sent by a server towards the client.

We are aware that this lack of support has implications for cross-site scripting exploitation (depending on the content being accessed via the secure connection) and PCI compliancy and are considering introducing this feature/function in a future release.
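The comparison described in this thread (flag present on the unencrypted side, absent at the browser) can be automated as below. This is an added example, not part of the original posts or any Avaya tooling; the cookie names and header values are constructed samples, and the function names are hypothetical.

```python
# Added example: compare Set-Cookie headers captured on each side of an
# SSL offload device and report security attributes lost in transit.
WATCHED = ("httponly", "secure", "samesite")  # attribute names, lower-cased

def parse_set_cookie(header_value):
    """Return (cookie_name, {attribute_lower: value_or_True})."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue  # tolerate a trailing ';'
        key, sep, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else True
    return name, attrs

def index_cookies(header_values):
    """Index a list of Set-Cookie header values by cookie name."""
    return dict(parse_set_cookie(v) for v in header_values)

def stripped_attributes(backend_headers, client_headers):
    """Map cookie name -> watched attributes the backend set but the
    client never received. A cookie absent on the client side is flagged."""
    backend = index_cookies(backend_headers)
    client = index_cookies(client_headers)
    findings = {}
    for name, attrs in backend.items():
        if name not in client:
            findings[name] = ["<cookie missing>"]
            continue
        lost = sorted(a for a in WATCHED if a in attrs and a not in client[name])
        if lost:
            findings[name] = lost
    return findings

# Constructed sample captures: what the server sent vs. what the browser saw.
BACKEND_SIDE = [
    "JSESSIONID=abc123; Path=/; HttpOnly",
    "prefs=lang-en; Path=/; Max-Age=3600",
]
CLIENT_SIDE = [
    "JSESSIONID=abc123; Path=/",
    "prefs=lang-en; Path=/; Max-Age=3600",
]

if __name__ == "__main__":
    for cookie, lost in stripped_attributes(BACKEND_SIDE, CLIENT_SIDE).items():
        print(f"{cookie}: lost {', '.join(lost)}")
```

Feed it the `Set-Cookie` values from a capture on the backend segment and from the browser's view of the same response; an empty result means no watched attribute was dropped.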

All times are GMT -7.