Last post Apr 04, 2017 11:07 PM by mgebhard
Apr 04, 2017 07:28 PM|EssCee|LINK
I have read that cookies used on a site (especially if you have forms authentication) should be secure especially if you dont use https. To add the SSL you should have
<httpCookies requireSSL="true" />
within you config.
Does anyone have any recommendations on this? Should i use this setting as a default for all my sites or can it be avoided if using https? Any problems that anyone has experienced by enabling this configuration?
Apr 04, 2017 11:07 PM|mgebhard|LINK
The requireSSL="true" setting requires SSL (HTTPS) otherwise cookies will not work.
Please see the following doc.