Strict Cookie Paths

If set to Y, the Path attribute (if present) of any received cookie must be a prefix of the URL setting it, or the cookie will be discarded, as per RFC 2965 3.3.2. This helps prevent one application from altering the cookie(s) of another application on the same server; such isolation may be desired if the applications should be protected from each other. However, typically such cross-path altering is acceptable - e.g. some login systems depend on it - so this setting defaults to N, which also aligns with typical browser behavior. Only available with products using Texis version 6.00.1342215000 201210713 and later; earlier versions effectively behave as if this setting were always Y.


Copyright © Thunderstone Software     Last updated: Mar 7 2019
Copyright © 2019 Thunderstone Software LLC. All rights reserved.