hongjun
asked on
Set cookies HttpOnly and Secure
Have added the following in web.config for my SharePoint 2013 website but there are 3 or more cookies that do not seem to respect the below setting.
<httpCookies httpOnlyCookies="true" requireSSL="true" domain="" lockItem="true" />
Cookies:
- SearchSession
- WOPISessionContext
- WSS_FullScreenMode
What else should I do to ensure all SharePoint cookies are set to be HttpOnly and Secure? This is for security scanning purposes.
What is setting those cookies? If it is JavaScript in the pages, the settings in web.config have no effect.
ASKER
@Dave
Yes, I am aware cookies created by JavaScript will have no impact. Do you know how SP creates these cookies then?
Which cookies and which application? 'web.config' only controls things done through the server and probably not even all of them.
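The distinction raised in the replies above (cookies issued by the server versus cookies created by page script) can be checked before changing any configuration. The following is an added example, not part of the original thread and not SharePoint code: it compares the Set-Cookie headers seen in responses with the cookie names present in the browser's cookie store. The function names and all sample header values are constructed for illustration and were not captured from a SharePoint server.

```python
# Added example: classify cookies by how they were set and which flags they carry.
# All sample data below is constructed, not captured from a SharePoint server.

def parse_set_cookie(header):
    """Return (name, set of lower-cased attribute names) for one Set-Cookie value."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs

def audit(set_cookie_headers, browser_cookie_names):
    """Map each cookie name to a finding.

    set_cookie_headers: Set-Cookie values collected from HTTP responses.
    browser_cookie_names: names listed in the browser's cookie store (developer tools).
    """
    findings = {}
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        missing = [f for f in ("httponly", "secure") if f not in attrs]
        # A later header for the same name replaces the earlier finding,
        # mirroring how a browser overwrites the cookie.
        findings[name] = "ok" if not missing else "server-set, missing: " + ", ".join(missing)
    for name in browser_cookie_names:
        # Never seen in a response header: created by script, so the
        # <httpCookies> element in web.config cannot add flags to it.
        findings.setdefault(name, "client-set (no Set-Cookie header seen)")
    return findings

# Constructed sample input; the attribute values are illustrative only.
SAMPLE_HEADERS = [
    "SearchSession=abc123; path=/; secure; HttpOnly",
    "WOPISessionContext=xyz; path=/",
]
SAMPLE_BROWSER = ["SearchSession", "WOPISessionContext", "WSS_FullScreenMode"]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_HEADERS, SAMPLE_BROWSER).items():
        print(f"{name}: {finding}")
```

A cookie reported as client-set has to be addressed in the script that creates it; one reported as server-set with missing flags is the case the web.config setting is meant to cover.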