Avaya Support Forums  
HomeContactsHow To Buy

Go Back   Avaya Support Forums > Avaya Networking Products
Reload this Page AVG SSL Accelerator and HTTPOnly cookie flag
FAQ Forum Rules Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 05-08-2012, 07:58 AM
mbeadl mbeadl is offline
Aspiring Member
  
Join Date: Apr 2012
Posts: 1
mbeadl has 10 reputation points
Default AVG SSL Accelerator and HTTPOnly cookie flag
Our SSL appliance seems to be stripping the HTTPOnly flag from the cookie sent from the server. I see it on the unencrypted side but then the flag is not present on the client workstation browsing the site. It is working with an AAS 2424.

Has anyone been able to make this work and was there a specific setting that needed to be set on the accelerator?

Mike
Reply With Quote
  #2  
Old 05-31-2012, 08:59 AM
rshaynes rshaynes is offline
Whiz
.
  
Join Date: Mar 2010
Location: Eastern Time Zone, United States
Posts: 27
rshaynes has 12 reputation points
Default
The VPN Gateway SSL acceleration mode currently does not support adding the httponly flag on client-side connections and will remove (strip) any httponly flag sent by a server towards the client.

We are aware that this lack of support has implications for cross-site scripting exploitation (depending on the content being access via the secure connection) and PCI compliancy and are considering introducing this feature/function in a future release.
Reply With Quote
Reply

Tags
accelerator, avg, httponly, ssl

« Previous Thread | Next Thread »
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Hybrid Mode Hybrid Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -7. The time now is 12:20 PM.

Avaya Support Forums - Archive - Top

This Forum is provided solely for the use and convenience of Avaya customers and partners. Use of the Forum is subject to the Terms and Use and Privacy Statement found at www.avaya.com. No other use is permitted. The Forum including all content posted is “AS IS” and Avaya expressly disclaims all warranties and/or guarantees as to its accuracy, reliability, usefulness, quality or non-infringement of intellectual property. Avaya reserves the right to remove any content posted on the Forum at any time and for whatever reason.

Avaya will not be liable for any content posted on this Forum, including, without limitation, any errors or omissions or for any losses or damages of any kind incurred as a result of use or reliance on any content, regardless of its origin.

You expressly understand and agree that you assume all risks associated with use or reliance on this content.