Enabling the HTTPOnly parameter to secure the CAM passport cookie

The CAM passport identifies the user's web browser session with the server. Administrators can set the HTTPOnly attribute to block scripts from reading or manipulating the CAM passport cookie during a user's session with the web browser.

About this task

Enabling the HTTPOnly attribute prevents malicious scripts from stealing the user's session identity. When an administrator sets this attribute, the web browser can use the session cookie only to send HTTP requests to the server.

If you want to enable the HTTPOnly attribute, ensure that the users have a web browser that supports this attribute.

Procedure

  1. Go to IBM® Cognos® Administration.
  2. On the Status tab, click System.
  3. In the Scorecard pane, from the System drop-down menu, click Set properties.
  4. Click the Settings tab.
  5. From the Category list, select Environment.
  6. For the HTTPOnly Cookie Support parameter, select the corresponding check box in the Value column.
  7. Click OK.
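
To confirm that the setting took effect, check the Set-Cookie headers that the server returns after logon. The following is an added example, not IBM code: the cookie name cam_passport, the function names, and the sample header values are assumptions constructed for illustration.

```python
# Added example: audit Set-Cookie headers for the HttpOnly attribute.
# COOKIE_NAME is an assumption; the page itself does not name the cookie.
COOKIE_NAME = "cam_passport"

def parse_set_cookie(header_value):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive (HTTPOnly == HttpOnly).
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs

def audit_cookie(set_cookie_headers, cookie_name=COOKIE_NAME):
    """Return 'protected', 'exposed' or 'absent' for the named cookie.

    Pass each Set-Cookie header value as its own list item. The result is
    'exposed' if any header sets the cookie without HttpOnly, because that
    response leaves the cookie readable by scripts.
    """
    seen = False
    for header in set_cookie_headers:
        name, _, attrs = parse_set_cookie(header)
        if name != cookie_name:  # cookie names are case-sensitive
            continue
        seen = True
        if "httponly" not in attrs:
            return "exposed"
    return "protected" if seen else "absent"

# Constructed sample headers, not captured from a real server. The cookie
# value contains the text "httponly" to show why a substring search over
# the whole header would report a false "protected".
BEFORE = [
    "other_cookie=abc; Path=/; HttpOnly",
    "cam_passport=MTsxMDE6httponly; Path=/",
]
AFTER = ["cam_passport=MTsxMDE6httponly; Path=/; HTTPOnly"]

if __name__ == "__main__":
    print("before:", audit_cookie(BEFORE))
    print("after: ", audit_cookie(AFTER))
```
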