Can SiteMinder session cookies be configured to be issued with the Secure flag?

Document ID : KB000014693
Last Modified Date : 14/02/2018
Question:

Can SiteMinder session cookies be configured with the Secure flag? If yes, how can we do it?

Answer:

Yes. Use the UseSecureCookies Agent Configuration Object (ACO) parameter to make the SiteMinder Web Agent create secure cookies, which are sent between a protected web server and the browser only over secure (HTTPS) connections. When the value is set to YES, the Secure flag is added to SiteMinder session cookies.

When this setting is enabled, users in Single Sign-On environments who move from an SSL web server to a non-SSL web server will have to re-authenticate. Secure cookies cannot be passed over traditional HTTP connections.
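To confirm the setting took effect and to see why the re-authentication occurs, the following added example (not part of the original article or of the product) checks Set-Cookie headers for the Secure flag and models the browser rule that withholds Secure cookies from HTTP requests. The cookie name SMSESSION, the host names and the header values are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample response headers (not captured from a real agent).
# SMSESSION is assumed as the session cookie name; values are placeholders.
HEADERS_BEFORE = [  # UseSecureCookies not enabled
    "Set-Cookie: SMSESSION=PLACEHOLDER; path=/; domain=.example.com",
]
HEADERS_AFTER = [   # UseSecureCookies set to YES
    "Set-Cookie: SMSESSION=PLACEHOLDER; path=/; domain=.example.com; secure",
    "Set-Cookie: theme=dark; path=/",
]

def parse_set_cookie(line):
    """Return (cookie name, set of lowercased attribute names) for one header line."""
    _, _, value = line.partition(":")
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
    return name, attrs

def cookies_missing_secure(header_lines, session_names=("SMSESSION",)):
    """Names of session cookies that were issued without the Secure flag."""
    missing = []
    for line in header_lines:
        if not line.lower().startswith("set-cookie:"):
            continue
        name, attrs = parse_set_cookie(line)
        if name in session_names and "secure" not in attrs:
            missing.append(name)
    return missing

def browser_would_send(set_cookie_line, url):
    """Scheme rule only (domain/path matching is not modelled):
    a Secure cookie is attached to https requests and never to http ones."""
    _, attrs = parse_set_cookie(set_cookie_line)
    return "secure" not in attrs or urlsplit(url).scheme == "https"

if __name__ == "__main__":
    print("before:", cookies_missing_secure(HEADERS_BEFORE))
    print("after: ", cookies_missing_secure(HEADERS_AFTER))
    for url in ("https://app.example.com/", "http://legacy.example.com/"):
        print(url, "-> cookie sent:", browser_would_send(HEADERS_AFTER[0], url))
```
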

Additional Information:

More information: Set Secure Cookies