
Cookie security=secure


Marek Jurek


I have NS10.5: Build 61.11.nc. We have configured LB with a Virtual Server which has Persistence COOKIEINSERT. Everything is working correctly, but a security scan showed that this cookie has HttpOnly configured but doesn't have security=secure set. I tried to set this using the article https://support.citrix.com/article/CTX138055, but it seems that this description shows how to rewrite responses from the backend, whereas in my case I need to set secure on the NetScaler persistence cookie "NSC_cookie".

Could you help me with how to do this?

Marek

I did it before but it didn't help.

After this change the cookie is encrypted, but the security parameter was not set.

In the cookie sent by NetScaler I need two parameters set: HttpOnly (which is currently set to HttpOnly) and Security set to Secure (but this parameter doesn't exist in the cookie sent by NetScaler).

What else should I do to fix this security issue?


You pointed me to the article which I had already mentioned didn't help, because as you can read:

From the method mentioned in this article only server generated cookies can be rewritten, not the cookies generated by NetScaler Appliance

So I'm still looking for a solution.


  • 1 year later...
  • 1 month later...

The fault is with the security scanning software, which falsely identifies this as a vulnerability. Even so, I have submitted a Request for Feature Enhancement (RFE) to add this as an option for VServers with an SSL protocol and persistenceType of COOKIEINSERT.

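An added example, not part of any post in this thread: a small Python check that reads `Set-Cookie` header values and reports which cookies with the `NSC_` prefix lack the `Secure` or `HttpOnly` attribute, which is the condition the scan in the first post reported. The sample headers are constructed and the function names are hypothetical.

```python
# Added example: audit Set-Cookie headers for the Secure and HttpOnly attributes.
# Header values below are constructed samples, not captured from a real appliance.

REQUIRED = ("secure", "httponly")


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attrs).

    attrs maps lower-cased attribute names to their value ('' for flags).
    Only the parts after the first ';' are attributes, so a cookie whose
    value happens to contain the text 'secure' is not treated as flagged.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def missing_flags(header_value):
    """Return (cookie name, list of required attributes that are absent)."""
    name, _, attrs = parse_set_cookie(header_value)
    return name, [flag for flag in REQUIRED if flag not in attrs]


def audit(headers, name_prefix="NSC_"):
    """Map each cookie whose name starts with name_prefix to its missing flags."""
    findings = {}
    for header_value in headers:
        name, missing = missing_flags(header_value)
        if name.startswith(name_prefix) and missing:
            findings[name] = missing
    return findings


SAMPLE_HEADERS = [  # constructed
    "NSC_cookie=ffffffff0909090945525d5f4f58455e445a4a423660;path=/;httponly",
    "NSC_other=ffffffffsecure0000;Path=/;HttpOnly;Secure",
    "NSC_third=secure;path=/",
    "JSESSIONID=abc123; Path=/app; Secure; HttpOnly",
]

if __name__ == "__main__":
    for cookie, missing in audit(SAMPLE_HEADERS).items():
        print(f"{cookie}: missing {', '.join(missing)}")
```

Attribute names are matched case-insensitively, so `httponly` and `HttpOnly` are treated the same.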
