[Mono-list] HttpOnly cookies flag supported?
James Wright
james.wright at jigsawdezign.com
Fri Oct 4 17:25:57 UTC 2013
Nope, it's definitely "httpOnly", as in the browser will not let
client-side script access the cookie (the cookie is only for being sent
with each request).
I think you are thinking of "requireSSL" which instructs the web
browser to only send the cookie over HTTPS and not unencrypted HTTP
connections.
James
On 04/10/2013 17:01, Ian Norton wrote:
>
> Do you mean httpsonly?
>
> On 4 Oct 2013 16:51, "James Wright" <james.wright at jigsawdezign.com> wrote:
>
> Hi,
>
> I've added the following piece of config to my Web.config to
> default the FormsAuthentication cookie as HttpOnly;
>
> <system.web>
> ...
> <httpCookies httpOnlyCookies="true" />
> ...
> </system.web>
>
> However the authentication cookie still does not show as being
> marked as HttpOnly when looking at it with FireBug.
>
> Is this a known issue or bug in Mono? Have I missed something
> obvious?
>
> Thanks,
> James
>
> OS: Amazon Linux
> Mono: 3.2.0
> .NET runtime: 4.5
> Framework: ASP.NET MVC2.0
>
>
>
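The two flags discussed in this thread can be checked directly on the raw Set-Cookie response headers rather than in a browser tool. This is an added example, not part of the original thread or Mono's code: the header lines are constructed samples, `.ASPXAUTH` is assumed to be the forms-authentication cookie name (the ASP.NET default), and `parse_set_cookie` and `audit_set_cookie` are hypothetical helpers.

```python
"""Audit raw Set-Cookie header values for the HttpOnly and Secure attributes."""


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attributes).

    Attribute names are lower-cased so matching is case-insensitive;
    flag attributes such as HttpOnly map to True.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue  # tolerate a trailing ';'
        key, sep, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else True
    return name.strip(), value, attrs


def audit_set_cookie(header_values, require_secure=True):
    """Return {cookie_name: [missing flags]} for cookies lacking a flag."""
    findings = {}
    for raw in header_values:
        name, _, attrs = parse_set_cookie(raw)
        missing = []
        if "httponly" not in attrs:
            missing.append("HttpOnly")
        if require_secure and "secure" not in attrs:
            missing.append("Secure")
        if missing:
            findings[name] = missing
    return findings


# Constructed sample headers (not captured from a real server).
SAMPLE_HEADERS = [
    ".ASPXAUTH=0123ABCD; expires=Fri, 04-Oct-2013 18:25:57 GMT; path=/",
    "ASP.NET_SessionId=abc123; path=/; HttpOnly",
    "prefs=theme=dark; Path=/; secure; httponly;",
]

if __name__ == "__main__":
    for cookie, missing in audit_set_cookie(SAMPLE_HEADERS).items():
        print(f"{cookie}: missing {', '.join(missing)}")
```

Pass `require_secure=False` when auditing a site that is served over plain HTTP, where only the HttpOnly flag is expected.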