You are viewing the documentation for Blueriq 14. Documentation for other versions is available in our documentation directory.


Blueriq session & cookie

Blueriq Runtime and Publisher are using the HTTP session to store data before it is persisted. As stated by OWASP, the session timeout should be set as low as possible (https://owasp.org/www-community/Session_Timeout). Depending on your infrastructure it is possible to set the Secure flag of the session cookie (https://owasp.org/www-community/controls/SecureCookieAttribute). Both the session timeout and the secure flag can be configured by following the steps in the articles below:

By default Secure flag of the session cookie is disabled.

Enabling the secure session cookie from Blueriq version 14.7 onwards can be done by configuring the following property:

application.properties
blueriq.session.cookie.secure=true

For Blueriq versions 14.6.1 and older, to enable secure session cookies, set an environment variable with the value:

BLUERIQ_SECURE_SESSION_COOKIE=true


Note that the older option will be removed from Blueriq 15.