Exchange 2010 cookie

Posted on 2014-08-29
Last Modified: 2014-09-09
Dear Experts,

we have Exchange 2010 SP2 running on server 2008R2,

How can you ensure that all cookies  are sent only on SSL-secured connection, if not how to force ssl on it.

Question by:emtechadmin
    LVL 14

    Expert Comment

    Are you referring to the cookies for Outlook Web Access? If so, by default Outlook Web Access is SSL-only anyway so this will already be happening unless you've specifically enabled OWA on standard HTTP.
    LVL 1

    Author Comment

    HI BlueCompute,

    Thanks for your response.

    our customer received below advise form it audit, can you please explain what it means,

    Missing Secure Attribute in Encrypted Session (SSL) Cookie:
    it is best business practice that any cookies that sent over (Set-cookie) an ssl connection to explicitly state secure on them

    LVL 14

    Assisted Solution

    I'd need a bit more information to be honest; that doesn't specify at all where they're seeing this, or even that it's exchange related. You can check for SSL by either browsing to http://your-server-name/OWA and see if it loads the page, or checking in IIS Manager for the Outlook Web Access site, check it's Bindings, and see if it has a non-https binding on port 80.
    LVL 63

    Accepted Solution

    You should have failed the audit on Exchange 2010 SP2 alone. SP2 is no longer supported. You need to upgrade to SP3 to be supported.

    Are you using forms based authentication? If not then you should be.
    Never heard of Exchange failing on a cookie error before.


    Featured Post

    Promote certifications in your email signature

    Has your company recently won an award or achieved a certification? They'll no doubt want to show it off. Email signature images used to promote certifications & awards can instantly establish credibility with a recipient and provide you with numerous benefits.

    Join & Write a Comment

    You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
    Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
    In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

    730 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now