I have an application that runs on SSL, I have already added the following into my web.config, under System.Web.
<httpCookies requireSSL="true" httpOnlyCookies="true" lockItem="true" />
But I still get one unsecured cookie by the name of "cookieSesssion1". It's not being marked as secure.
Can you please let me know how I can mark it as secure.
EDIT: In addition to the Web.config directive, I have the following code in my Global.asax file as well.
// Runs at the end of every request: flag every cookie the application
// is about to send back as Secure so the browser only returns it over HTTPS.
protected void Application_EndRequest(object sender, EventArgs e)
{
    if (Response.Cookies.Count > 0)
    {
        foreach (string s in Response.Cookies.AllKeys)
        {
            // Only cookies present in this Response.Cookies collection are
            // affected; cookies injected by something in front of the app are not.
            Response.Cookies[s].Secure = true;
        }
    }
}
Following is the screenshot of a firebox debug:
What am I missing? Please help.
The FortiWeb Web Application Firewall (WAF) session cookie is named cookiesession1.
For the first HTTP/HTTPS request from a client, FortiWeb embeds a cookie in the response’s Set-Cookie: field in the HTTP header. It is named cookiesession1. (FortiWeb does not use source IP addresses and timestamps alone for sessions: NAT can cloak multiple clients; clocks can be altered.)
http://help.fortinet.com/fweb/537/Content/FortiWeb/fortiweb-admin/http_sessions_security.htm
http://help.fortinet.com/fweb/536/Content/FortiWeb/fortiweb-admin/global_object_white_list.htm
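The practical way to confirm the diagnosis above (and to re-check after the WAF is reconfigured) is to inspect the raw Set-Cookie headers of a response rather than the application's own cookie collection, because a cookie added by a device in front of the application never passes through Response.Cookies. The following Python script is an added example, not code from the question or from Fortinet: it parses the Set-Cookie lines of a captured HTTP response, reports which cookies lack the Secure and HttpOnly attributes, and flags the cookiesession1 name as the WAF-injected cookie named in the answer. The response text is constructed for the example; the cookie values in it are placeholders.

```python
"""Audit Set-Cookie headers of a captured HTTP response for missing flags."""
from dataclasses import dataclass
from typing import List

# Cookie name documented on this page as set by the FortiWeb WAF itself.
WAF_COOKIE_NAMES = {"cookiesession1"}

# Constructed sample response: the app's own cookie carries both flags,
# the WAF-injected one does not. Values are placeholders, not real tokens.
SAMPLE_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Set-Cookie: ASP.NET_SessionId=PLACEHOLDER_APP_SESSION; path=/; secure; HttpOnly
Set-Cookie: cookiesession1=PLACEHOLDER_WAF_SESSION; Path=/
Strict-Transport-Security: max-age=31536000

<html>...</html>"""


@dataclass
class CookieReport:
    name: str
    secure: bool
    httponly: bool
    set_by_waf: bool


def parse_set_cookie(header_value: str) -> CookieReport:
    """Parse one Set-Cookie header value into a CookieReport.

    Attribute names are case-insensitive per RFC 6265, so 'secure' and
    'Secure' are treated the same.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return CookieReport(
        name=name,
        secure="secure" in attrs,
        httponly="httponly" in attrs,
        set_by_waf=name.lower() in WAF_COOKIE_NAMES,
    )


def audit_response(raw_response: str) -> List[CookieReport]:
    """Return a CookieReport for every Set-Cookie header in the response head."""
    head = raw_response.split("\n\n", 1)[0]  # headers end at the first blank line
    reports = []
    for line in head.splitlines():
        if ":" not in line:
            continue  # status line or malformed line
        hname, hval = line.split(":", 1)
        if hname.strip().lower() == "set-cookie":
            reports.append(parse_set_cookie(hval.strip()))
    return reports


def cookies_missing_secure(reports: List[CookieReport]) -> List[str]:
    """Names of cookies that would be sent over plain HTTP by the browser."""
    return [r.name for r in reports if not r.secure]


def where_to_fix(report: CookieReport) -> str:
    """Point to the layer that owns the cookie, since web.config cannot reach WAF cookies."""
    if report.set_by_waf:
        return "WAF configuration (FortiWeb session cookie settings)"
    return "application (web.config httpCookies or Response.Cookies)"


if __name__ == "__main__":
    for r in audit_response(SAMPLE_RESPONSE):
        flags = ("Secure" if r.secure else "no Secure") + ", " + \
                ("HttpOnly" if r.httponly else "no HttpOnly")
        print(f"{r.name}: {flags}; fix at: {where_to_fix(r)}")
```

Run it against a real capture by pasting the response head into SAMPLE_RESPONSE (or reading it from a file); any cookie it lists under the WAF fix location will not be changed by the web.config directive or the Global.asax loop, only by the device that sets it.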