Authentication cookie

Informatica Product 360 Media Manager Web use Tomcat as servlet container. Tomcat use a cookie called JSESSIONID for session handling.

To secure the JSESSIONID cookie the following attributes are set by default and can be adjusted if necessary:

cookie attribute	default value	configuration file	parameter	Notes
HttpOnly	true	OpasGWebServer\Tomcat\webapps\opas\WEB-INF\web.xml	`<web-app>` `<session-config>` `<cookie-config>` `<http-only>true</http-only>` `</cookie-config>` `</session-config>` `</web-app>`
Secure	false	OpasGWebServer\Tomcat\webapps\opas\WEB-INF\web.xml	`<web-app>` `<session-config>` `<cookie-config>` `<secure>false</secure>` `</cookie-config>` `</session-config>` `</web-app>`	Value can be changed to `true` if the application is only used with https. Value needs to be `false` as long as the application is used with http.
SameSite	strict	OpasGWebServer\Tomcat\webapps\opas\META-INF\context.xml	`<Context>` `<CookieProcessor` `sameSiteCookies="strict"` `/>` `</Context>`	Value needs to be change if the application should be integrated in other web applications.