Enabling the HTTPOnly parameter

Enabling the HTTPOnly attribute prevents malicious scripts from stealing a user's session identity.

About this task

Administrators that want to enable this attribute must ensure that users have a web browser that supports the HTTPOnly attribute.

Procedure

  1. Launch IBM Cognos Administration.
  2. On the Status tab, click System.
  3. In the upper left corner of the Scorecard pane, click the arrow to view the Change view menu, point to Services. The Set properties page appears.
  4. Click to enable the Disallow browser scripts from accessing the passport session cookie.
  5. Click OK.
Parent topic: Secure the CAM Passport Cookie