emtechadmin
asked on
Exchange 2010 cookie
Dear Experts,
we have Exchange 2010 SP2 running on server 2008R2,
How can you ensure that all cookies are sent only on SSL-secured connection, if not how to force ssl on it.
Thanks
we have Exchange 2010 SP2 running on server 2008R2,
How can you ensure that all cookies are sent only on SSL-secured connection, if not how to force ssl on it.
Thanks
Are you referring to the cookies for Outlook Web Access? If so, by default Outlook Web Access is SSL-only anyway so this will already be happening unless you've specifically enabled OWA on standard HTTP.
ASKER
HI BlueCompute,
Thanks for your response.
our customer received below advise form it audit, can you please explain what it means,
Missing Secure Attribute in Encrypted Session (SSL) Cookie:
it is best business practice that any cookies that sent over (Set-cookie) an ssl connection to explicitly state secure on them
Thanks
Thanks for your response.
our customer received below advise form it audit, can you please explain what it means,
Missing Secure Attribute in Encrypted Session (SSL) Cookie:
it is best business practice that any cookies that sent over (Set-cookie) an ssl connection to explicitly state secure on them
Thanks
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.