cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Cookie does not contain the "secure" attribute even with 6.5 upgrade

joseph_wendl
Helper

Hi all,


One of our customers is failing a Qualys scan due to "Cookie does not contain the 'secure' attribute" over port 443/tcp (screenshot below)




We had believed that with the upgrade to 6.5, and the addition of the new UEM option "Add the "Secure" attribute to the Dynatrace session cookie (dtCookie)" enabled, this would clear up. Upon enabling this option and running a new scan, we have found that this issue is still persistent.


We are wondering if anyone has dealt with this since the 6.5 upgrade or has any remediation for how we can go about this?


Thanks,


Joe

2 REPLIES 2

joseph_wendl
Helper

Thanks to @James K., this piece of support documentation was found: https://support.dynatrace.com/supportportal/browse...

Essentially the work around is to enable a debug flag that works as a workaround for this. (this is currently a known issue)

Thank you for your help James! 🙂

JamesKitson
Dynatrace Leader
Dynatrace Leader

In case anyone without access to the support ticket is interested this is the relevant info from it. Note that this is a temporary workaround if you are on the latest update and still have this issue:

Set the following flag in the text field for advanced UEM properties under your User Experience Application.
Please note, you will have to be in DEBUG mode to do so: CTRL+SHIFT+F9

Flag: disableCookieManager=1


Glad that helped!

James