SAP Knowledge Base Article - Preview

3556449 - Cookie ouc<xxxxx>_anchor has no HttpOnly flag

Symptom

During a vulnerability test against a site created in Cloud Portal Service on NEO, a cookie with the name format ouc<xxxxx>_anchor is found to have no HttpOnly flag set. See the following image as an example:

"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental."



Environment

  • Business Technology Platform - BTP
  • Cloud Portal Service on NEO - CPP on NEO

Product

BTP all versions

Keywords

var anchorCookie, encodeURIComponent, http only, attribute, flpnwc, anchorCookie, anchor cookie, btp, flp, portal, cloud portal, cpp, BTP@FLP, FLP@BTP, ?hc_login, KBA, BC-NEO-SEC-IAM, Authentication, Authorization (Cloud Platform Neo), EP-CPP-NEO-FS, Freestyle sites, Problem

About this page

This is a preview of an SAP Knowledge Base Article. The full version is available on SAP for Me (login required).
