Securing the Portal Alias Cookie

Context

We recommend that you set the portal alias cookie to be delivered in secure mode to meet all security standards. This indicates to the browser that the cookie should only be sent using a secure protocol, such as HTTPS or SSL.

Procedure

  1. In SAP NetWeaver Administrator, access the following portal application and service:

    • Portal application: com.sap.portal.navigation.AliasService

    • Service: AliasService

    For information about accessing and configuring portal services in SAP NetWeaver Administrator, see Accessing Portal Services in SAP NetWeaver Administrator .

  2. Set the portal.alias.security.enforce_secure_cookie property value to true .

    This marks the logon ticket as a secure cookie, to enforce that the client browser sends the cookie only when an SSL connection to the J2EE Engine or the reverse proxy is established.

    The default value is false .

  3. Save your changes.