AVG SSL Accelerator and HTTPOnly cookie flag

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • mbeadl
    Aspiring Member
    • Apr 2012
    • 1
    #1

    AVG SSL Accelerator and HTTPOnly cookie flag

    Our SSL appliance seems to be stripping the HTTPOnly flag from the cookie sent from the server. I see it on the unencrypted side but then the flag is not present on the client workstation browsing the site. It is working with an AAS 2424.

    Has anyone been able to make this work and was there a specific setting that needed to be set on the accelerator?

    Mike
    Tags: accelerator, avg, httponly, ssl
  • rshaynes
    Whiz
    .
    • Mar 2010
    • 27
    #2
    The VPN Gateway SSL acceleration mode currently does not support adding the httponly flag on client-side connections and will remove (strip) any httponly flag sent by a server towards the client.

    We are aware that this lack of support has implications for cross-site scripting exploitation (depending on the content being access via the secure connection) and PCI compliancy and are considering introducing this feature/function in a future release.

    Comment

    Previous template Next
    Loading