Hi
I've got a situation where, to satisfy an external security consultant, we need to set the "secure" and "httpOnly" flags on the DF Cookie.
I'm thinking that this might be done conditional on a database setting so as to only do it when needed, so something like, in SessionManager.wo:
Code:
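Object oSessionManager is a cWebSessionManagerStandard
    Function CreateSession String sAddr Returns String
        String sKey
        // Placeholder condition: the database setting decides whether the flags are applied
        If ({checkTheDBSetting=True}) Begin
            Set pbSessionCookieSecure to True
            Set pbSessionCookieHttpOnly to True
        End
        // Let the standard session manager create the session and return its key
        Forward Get CreateSession sAddr to sKey
        Function_Return sKey
    End_Function
End_Object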
Would this break anything, d' ya think? Is it the correct approach?
Mike
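
One way to check the result from outside the application, as an added example that is not part of the original post: audit the Set-Cookie header the server returns for the two flags, and flag the case where Secure is set on a plain-HTTP response, which is the case that would break sessions. The cookie name `dfSession` and the header values are constructed sample data, and the function names are hypothetical.

```python
# Added example: audit Set-Cookie response headers for Secure / HttpOnly.
# Cookie name and values are constructed sample data, not from the post.

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attrs)."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive; flags carry no value
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_cookie(header, scheme):
    """Return findings for one Set-Cookie header served over `scheme`."""
    name, _, attrs = parse_set_cookie(header)
    findings = []
    if "httponly" not in attrs:
        findings.append(f"{name}: HttpOnly missing (cookie readable from page script)")
    if "secure" not in attrs:
        findings.append(f"{name}: Secure missing (cookie also sent over plain HTTP)")
    elif scheme != "https":
        # A Secure cookie is never sent back over http://, so the session
        # cannot persist unless the site is reached over HTTPS.
        findings.append(f"{name}: Secure set on an http:// response; session will not persist")
    return findings


# Constructed sample responses: (scheme, Set-Cookie header value)
SAMPLES = [
    ("https", "dfSession=abc123; Path=/"),
    ("https", "dfSession=abc123; Path=/; Secure; HttpOnly"),
    ("http", "dfSession=abc123; Path=/; secure; httponly"),
]

if __name__ == "__main__":
    for scheme, header in SAMPLES:
        result = audit_cookie(header, scheme)
        print(scheme, header, "->", result or "OK")
```
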