1. Security Guide
  2. Security Guide
  3. Secure Installation and Configuration
  4. Provide Security for Session-Tracking Cookies

Provide Security for Session-Tracking Cookies

You can use the XML session-tracking element to provide security for the RDC Onsite Lite Browser session-tracking cookies.

In the orion-web.xml file, you can configure the following flags (attributes) for the session-tracking element:

  • set-secure — Requests that your Internet browser only honor the HTTPS protocol to access Web sites. If you set the secure flag to true, users must enter https:// to access Web sites. Entering http:// will not work.
  • HttpOnly — Requests that your Internet browser honor only the HTTP and HTTPS protocols to access Web sites. Other protocols, such as FTP, will not work.

Note:

If you configure the secure and HttpOnly flags for session-tracking cookies, you must make the changes on all servers in a load-balanced environment.

Once you complete the above changes, access to the application using HTTP will not work. Users will be forced to use HTTPS only.

Parent topic: Secure Installation and Configuration