iaing1000


web.config secure cookie & httpOnly settings not taking effect

I've set our web.config file on a WP site we've built to have secure cookies but all tests we've run online suggest cookies are still not secure. The httpOnly setting also hasn't taken effect.

The code snippet from the web.config is below, and the PHPSESSID cookie always lacks these settings.

<system.web>
    <httpCookies httpOnlyCookies="true" requireSSL="true"  />
</system.web>



What else do we need to look at to ensure this setting takes effect?

Thanks
Iain
Anthony Garcia

I am assuming you are running this on a Windows server. What version of the .NET framework are you running? What version of IIS?

When you restart your server for the changes to take effect, do you see any errors in the logs as the server loads the configuration file? That might give you a clue. Are you sure that your web.config file is being read by the server at startup and is in the right location? You can try looking at the logs again to see if it indicates where it is loading the config file from, or change other settings in there to see if those are taking effect.

I am not an expert on Windows servers or WordPress, but another option would be to set those options in the code.
https://docs.microsoft.com/en-us/dotnet/api/system.web.configuration.httpcookiessection.httponlycookies?view=netframework-2.0#System_Web_Configuration_HttpCookiesSection_HttpOnlyCookies
ASKER CERTIFIED SOLUTION
David Favor
This solution is only available to members.
iaing1000

ASKER

Thanks for your help, folks, and apologies for the long time to respond. Yes, in the end it related to the need to force everything to be secure via HTTPS.

Our deadline had been the end of September, so I was in a rush when I posted on 26th Sept and hadn't time to revisit until now!

Cheers
Iain
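
Added example, not part of the original thread: a local check for the symptom discussed above, reporting which cookies in a response lack the Secure or HttpOnly attribute. The header lines are constructed sample data and the function names are hypothetical; in practice you would paste in the Set-Cookie lines your own site returns over HTTPS.

```python
# Added example: audit Set-Cookie headers for the Secure and HttpOnly attributes.
# SAMPLE_HEADERS is constructed sample data, not captured from the asker's site.

SAMPLE_HEADERS = [
    # Value deliberately contains "secure" and "httponly" as plain text:
    # a naive substring search would wrongly report this cookie as protected.
    "Set-Cookie: PHPSESSID=k3v9secure0httponly1; path=/",
    "Set-Cookie: ASP.NET_SessionId=abc123; path=/; secure; HttpOnly",
    "Set-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/; Secure",
]


def parse_set_cookie(line):
    """Return (cookie name, set of lower-cased attribute names) for one header line."""
    header, _, value = line.partition(":")
    if header.strip().lower() != "set-cookie":
        raise ValueError("not a Set-Cookie header: %r" % line)
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].partition("=")[0].strip()
    # Attributes follow the first name=value pair; their names are case-insensitive.
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit(lines, required=("secure", "httponly")):
    """Map each cookie name to the required attributes it is missing."""
    findings = {}
    for line in lines:
        name, attrs = parse_set_cookie(line)
        missing = [a for a in required if a not in attrs]
        if missing:
            findings[name] = missing
    return findings


if __name__ == "__main__":
    for cookie, missing in audit(SAMPLE_HEADERS).items():
        print("%s is missing: %s" % (cookie, ", ".join(missing)))
```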