Novell Remote manager sets an HttpOnly cookie attribute that specifies that the cookie is not accessible through a script. This helps mitigate the risk of cross-site scripting.
If the HttpOnly flag is included in the HTTP response header, the cookie cannot be accessed through a client side script.
If you modify the setting, you must restart Novell Remote Manager.
HttpOnly <true|false>
|
Option |
Use |
|---|---|
|
true |
Include HttpOnly as an attribute in the response header. This is the default setting. |
|
false |
Do not include HttpOnly in the response header. |
To disable the HttpOnly attribute:
Log in to the server as the root user, then open a terminal console.
Stop the httpstkd daemon by entering
rcnovell-httpstkd stop
Open the /etc/opt/novell/httpstkd.conf file in a text editor.
Review the potential security concerns for changing HttpOnly to false.
Change the setting from
HttpOnly true
to
HttpOnly false
Save the file and exit the text editor.
Start the httpstkd daemon by entering
rcnovell-httpstkd start
HttpOnly true HttpOnly false