This issue was addressed in 7.0.3
From: Muro, Matthew [mailto:matt_m...@harvard.edu]
Sent: Tuesday, July 17, 2018 10:12 AM
To: TeraScript-Talk@terascript.com
Subject: Re: TeraScript-Talk: upgrading to High Sierra
Does anyone know of a flag that can be set in server.ini, header.htx
Does anyone know of a flag that can be set in server.ini, header.htx or
elsewhere to force HttpOnly cookies?
We have TrustWave run security audits of our site and it reported the
TeraScript_UserReference cookie as not being httpOnly. Abashedly, we're
still on version 6.
Cookie HttpOnly Flag: