Article - CS287751
Configuration of the HttpOnly and Secure cookie flags in Apache Tomcat for ThingWorx Platform
Modified: 15-Sep-2025
Applies To
- ThingWorx Platform 8.3 to 10.0
- Apache Tomcat
Description
- Will ThingWorx function with HttpOnly / useHttpOnly flag set to true in Apache Tomcat 9.0.x and later
- For security purposes Apache Tomcat should be configured to set the HttpOnly and secure cookie flags
- Penetration testing results recommend that HttpOnly and secure flags be set on cookies in Apache Tomcat
This is a printer-friendly version of Article 287751 and may be out of date. For the latest version click CS287751