SAP Knowledge Base Article - Preview

1898697 - httponly and secure flag options for BI Launchpad cookies

Symptom

When viewing an HTTP response from the /BOE application, it is observed that the cookie is not secured (secure flag is missing):

example:

Set-Cookie: InfoViewPLATFORMSVC_COOKIE_TOKEN=; Path=/; HttpOnly;

vs.

Set-Cookie: InfoViewPLATFORMSVC_COOKIE_TOKEN=; Path=/; HttpOnly; Secure

 


Read more...

Environment

  • SAP BI 4.x (4.1, 4.2, 4.3)
  • Tomcat 7, 8, 8.5, 9.0 (All PAM supported Tomcat servers)

Product

Crystal Reports 2008 V1 ; SAP BusinessObjects Business Intelligence platform 4.2 ; SAP BusinessObjects Business Intelligence platform 4.3 ; SAP Crystal Server 2013 ; SAP Crystal Server 2016 ; SAP Crystal Server 2020

Keywords

JSESSIONID, cookie, secured, usehttponly, security, session, , KBA , BI-BIP-DEP , Webapp Deployment, Networking, Vulnerabilities, Webservices , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.