[Mono-list] HttpOnly cookies flag supported?
james.wright at jigsawdezign.com
Fri Oct 4 17:25:57 UTC 2013
Nope, it's definitely "httpOnly", as in the browser will not let
client-side script access the cookie (the cookie is only for being sent
with each request).
I think you are thinking of "requireSSL" which instructs the web
browser to only send the cookie over HTTPS and not unencrypted HTTP
On 04/10/2013 17:01, Ian Norton wrote:
> Do you mean httpsonly?
> On 4 Oct 2013 16:51, "James Wright" <james.wright at jigsawdezign.com
> <mailto:james.wright at jigsawdezign.com>> wrote:
> I've added the following piece of config to my Web.config to
> default the FormsAuthentication cookie as HttpOnly;
> <httpCookies httpOnlyCookies="true" />
> However the authentication cookie still does not show as being
> marked as HttpOnly when looking at it with FireBug.
> Is this a known issue or bug in Mono? Have i missed something
> OS: Amazon Linux
> Mono: 3.2.0
> .NET runtime: 4.5
> Framework: ASP.NET <http://ASP.NET> MVC2.0
> Mono-list maillist - Mono-list at lists.ximian.com
> <mailto:Mono-list at lists.ximian.com>
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Mono-list