Symptom
When viewing an HTTP response from the /BOE application, it is observed that the cookie is not secured (secure flag is missing):
example:
Set-Cookie: InfoViewPLATFORMSVC_COOKIE_TOKEN=; Path=/; HttpOnly;
vs.
Set-Cookie: InfoViewPLATFORMSVC_COOKIE_TOKEN=; Path=/; HttpOnly; Secure
Read more...
Environment
- SAP BI 4.x (4.1, 4.2, 4.3)
- Tomcat 7, 8, 8.5, 9.0 (All PAM supported Tomcat servers)
Product
Crystal Reports 2008 V1 ; SAP BusinessObjects Business Intelligence platform 4.2 ; SAP BusinessObjects Business Intelligence platform 4.3 ; SAP Crystal Server 2013 ; SAP Crystal Server 2016 ; SAP Crystal Server 2020
Keywords
JSESSIONID, cookie, secured, usehttponly, security, session, , KBA , BI-BIP-DEP , Webapp Deployment, Networking, Vulnerabilities, Webservices , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.