Add the possibility to mark a cookie as httpOnly through the default SetCookie function

on 20 Jan 2020
Platform Server Release Oct.2019 CP4


With the default SetCookie function it's possible to mark a cookie as secure but not as httpOnly.
The cookies set by OutSystems itself are marked as httpOnly but my own cookies set with the SetCookie functie are not.

I have contacted another developer who has made a clone of the SetCookie function so it can be done. But of course I would like to use the standard functionality for future updates.

Please have a look at this thread: https://www.outsystems.com/forums/discussion/37834/set-outsystems-cookies-httpponly/#Post164038

Can this functionality be added to the standard SetCookie function or can you tell me how to do it another standard way?

Created on 11 Feb 2019
Comments (12)

Changed the category to Builtin & User functions and the status to

On our radar


In addition, setting the secure flag of a cookie would also be a nice option for the SetCookie function.

I know the Factory Configuration component allows setting all cookies as secure, but adding this option to the SetCookie function would leave developers more flexible on deciding which cookies to set as secure, and which as httpOnly for that matter.

Hi Nordin,

You can make a cookie secure by adding ; secure after the value of the cookie, so:

CookieValue=myData; secure

I found out of you directly do a GetCookie call after the SetCookie you get the value back with the ; secure in it. Be aware of that, I made a function to strip that.

Hope this helps.

I agree just a parameters IsSecure would be better.

Cool, thanks Johan! I didn't know about that.

Indeed, an IsSecure parameter would be a cleaner solution.

I see this is "on radar" for more than an year now. Do we have where thsi is in the roadmap? Any timeline?

Oh forgot to change the status on this one.

It's already be done in O11 since the begging on the year. Check the release notes for RTAF-1774.

Changed the category to Frontend and the status to

on 01 Jan 1970


Glad, that my post triggerred the idea to be marked as implemented. However just noticed the date of implementation is Jan 1, 1970 :)

Yeah, I noticed. Was my fault that didn't fill the date when I changed the status.

Already fixed it, but it didn't change the above message.

No Problem. Thanks Joao for the udpate!

Cool that my idea was implemented !

Nice, congrats Johan!