Nope, it's definitely "httpOnly", as in the browser will not let client-side script access the cookie (the cookie is only for being sent with each request).

I think you are thinking of "requireSSL" which instructs the web browser to only send the cookie over HTTPS and not unencrypted HTTP connections.


James


On 04/10/2013 17:01, Ian Norton wrote:

Do you mean httpsonly?

On 4 Oct 2013 16:51, "James Wright" <[email protected]> wrote:

    Hi,

       I've added the following piece of config to my Web.config to
    default the FormsAuthentication cookie as HttpOnly;

      <system.web>
          ...
          <httpCookies httpOnlyCookies="true" />
          ...
      </system.web>

      However the authentication cookie still does not show as being
    marked as HttpOnly when looking at it with FireBug.

      Is this a known issue or bug in Mono? Have I missed something
    obvious?

    Thanks,
    James

    OS: Amazon Linux
    Mono: 3.2.0
    .NET runtime: 4.5
    Framework: ASP.NET MVC2.0


    _______________________________________________
    Mono-list maillist  - [email protected]
    http://lists.ximian.com/mailman/listinfo/mono-list

