Forum Discussion
Hi Danny,
Could you please provide some additional details about "breaks the site with a "Secure Connection Failed""? Is this error message generated in the LTM logfiles, or is this an error message generated on the client side?
Assuming that the iRule works fine and doesn't raise a TCL error, the HttpOnly flag would instruct your browser to protect the cookie in such a way that the cookie could only be accessed when requesting HTTP(S) content, but not directly accessed using scripting languages (e.g. JScript) or other programs.
Enabling the HttpOnly flag is one of the best defenses to counter Cross-Site Scripting (XSS) attacks on sensitive cookie information. But on the other hand, it may break your application if certain "friendly" JScripts have to access the raw cookie information/data...
Cheers, Kai
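The behaviour described in the reply above, as an added example that is not part of the original post: a small Node.js model of a browser cookie jar showing which cookies go out with HTTP(S) requests and which ones a page script can read. The cookie names and values are constructed, all function names are hypothetical, and Path, Domain and Secure matching is deliberately left out.

```javascript
// Constructed Set-Cookie response headers (sample values, not from the thread).
const SAMPLE_SET_COOKIE = [
  "JSESSIONID=abc123; Path=/; Secure; HttpOnly",
  "ui_theme=dark; Path=/",
  "csrf_hint=xyz789; Path=/; httponly", // attribute names are case-insensitive
];

// Parse one Set-Cookie header into { name, value, attrs, httpOnly }.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) return null; // no cookie name: ignore the header
  const attrs = new Map();
  for (const a of rest) {
    if (!a) continue;
    const i = a.indexOf("=");
    attrs.set((i === -1 ? a : a.slice(0, i)).toLowerCase(), i === -1 ? "" : a.slice(i + 1));
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs, httpOnly: attrs.has("httponly") };
}

function buildJar(headers) {
  return headers.map(parseSetCookie).filter(Boolean);
}

const render = (cookies) => cookies.map((c) => `${c.name}=${c.value}`).join("; ");

// Cookie header the browser attaches to a request: HttpOnly cookies included.
function requestCookieHeader(jar) {
  return render(jar);
}

// What a script reading document.cookie receives: HttpOnly cookies withheld.
function scriptVisibleCookies(jar) {
  return render(jar.filter((c) => !c.httpOnly));
}

// Cookies still readable by scripts. Review these before setting HttpOnly on
// them: a "friendly" script that reads one would stop working afterwards.
function missingHttpOnly(jar) {
  return jar.filter((c) => !c.httpOnly).map((c) => c.name);
}

const jar = buildJar(SAMPLE_SET_COOKIE);
console.log("sent with requests:", requestCookieHeader(jar));
console.log("visible to scripts:", scriptVisibleCookies(jar));
console.log("no HttpOnly flag:  ", missingHttpOnly(jar).join(", "));
```
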