We recommend that you set the portal alias cookie to be delivered in secure mode to meet all security standards. This indicates to the browser that the cookie should only be sent using a secure protocol, such as HTTPS or SSL.
Procedure
In SAP NetWeaver Administrator, access the following portal application and service:
Set the
portal.alias.security.enforce_secure_cookie property value to
true .
This marks the logon ticket as a secure cookie, to enforce that the client browser sends the cookie only when an SSL connection to
the J2EE Engine or the reverse proxy is established.