Symptom
We have performed an HP Fortify security scan of our ODP apps, and the scan raised the issue for cookies not having the HTTPOnly property set.
- Can the HTTPOnly property be set for SMP cookies?
- Should this property be set to increase security?
Read more...
Environment
- Windows 2008R2
- SAP Mobile Platform (SMP) 2.3.x, 3.0.x
- Online Data Proxy (ODP) application
Product
SAP Mobile Platform 2.3 ; SAP Mobile Platform 3.0
Keywords
KBA , cross-site-scripting , xss , x-sup-sessid , kapsel , saml , cookie , javascript , maf , registration , MOB-SDK , SAP Mobile SDK , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.