We’ve recently had a security audit run on our business, and have been advised that our webchat service (provided via Fastpath & Wildfire) is utilising cookies without the HTTPONLY & SECURE flags set.
I’ve done plenty of poking around & googling without much success in actually understanding how I should be enabling this…
We are using IIS, with RESIN providing the JSP stuffs via the ISAPI plugin.
I’m confused as to whether I should be setting this within IIS, RESIN, or perhaps the Fastpath JSP itself?
Any and all help on this would be much appreciated!