Verify WebSphere custom property

About this task

PolicyCenter client-side JavaScript must be able to read the value of the csrfToken cookie.

Procedure

Verify that the WebSphere web container custom property com.ibm.ws.webcontainer.HTTPOnlyCookies is not configured to enable the HTTPOnly attribute on the PolicyCenter csrfToken cookie.

The com.ibm.ws.webcontainer.HTTPOnlyCookies contains a comma separated list of cookies that are given the HTTPOnly attribute. An asterisk value means that all cookies are given the HTTPOnly attribute.