AnsweredAssumed Answered

API Connector development: Is there a way within a connector to access the cookie information (it contains the JSESSIONID) even when the attribute "httponly" is set for the cookie in the http response or is this a general limitation ?

Question asked by ludgerlindemann8421 on Apr 8, 2015
Latest reply on Jun 28, 2016 by James Ahlborn

We need some clarification regarding cookie access and the "httponly" cookie atttribute in the http header.
We notice the following:
The connector needs to be able to access the cookie information (JSESSIONID). This seems to be only possible,
as long as the the response that is send from the API server does not contain a cookie where the "httponly" attribute is set.
Example :
If the attribute is set (excerpt from the http header):
Set-Cookie: JSESSIONID=xxxxxxx; Secure;HttpOnly;
the process will fail, since the JSESSIONID can not be read.

 

Is this the intended behavior in boomi ?
Is there a way to control the behavior in boomi, so that it would be possible to evaluate the cookie for this connector, even if the attribute "httponly" is set ?
Thanks !

Outcomes