0
 Followers
5
 Likes

Add the possibility to mark a cookie as httpOnly through the default SetCookie function

Builtin & User functions
On our radar

Hi,

With the default SetCookie function it's possible to mark a cookie as secure but not as httpOnly.
The cookies set by OutSystems itself are marked as httpOnly but my own cookies set with the SetCookie functie are not.

I have contacted another developer who has made a clone of the SetCookie function so it can be done. But of course I would like to use the standard functionality for future updates.

Please have a look at this thread: https://www.outsystems.com/forums/discussion/37834/set-outsystems-cookies-httpponly/#Post164038

Can this functionality be added to the standard SetCookie function or can you tell me how to do it another standard way?

Created on 11 Feb
Comments (4)

Changed the category to Builtin & User functions and the status to

On our radar


 

In addition, setting the secure flag of a cookie would also be a nice option for the SetCookie function.

I know the Factory Configuration component allows setting all cookies as secure, but adding this option to the SetCookie function would leave developers more flexible on deciding which cookies to set as secure, and which as httpOnly for that matter.

Hi Nordin,

You can make a cookie secure by adding ; secure after the value of the cookie, so:

CookieValue=myData; secure

I found out of you directly do a GetCookie call after the SetCookie you get the value back with the ; secure in it. Be aware of that, I made a function to strip that.

Hope this helps.

I agree just a parameters IsSecure would be better.

Cool, thanks Johan! I didn't know about that.

Indeed, an IsSecure parameter would be a cleaner solution.

views
153
Followers
0