Re: How to enable "Secure" cookie ?



Please clarify what you are trying to accomplish and secure. You never
indicated what sort of application you are talking about, nor what you
are trying to secure. Security is a state of awareness that is
constantly in flux and changing, not a bunch of static settings to
configure and bam everything is magically secure.

I mean, someone briefly suggested that turning off the computer may be
related to computer security. Why don't you try that as well? ;-)

You can't just ask about "cookies" and "security" in the general. For
example, AspKeepSessionIDSecure property is specific to ASP
applications and handled by ASP.DLL itself. The property is stored in
the IIS metabase, but it is not a "setting in IIS". It is not
applicable to other application frameworks like ASP.Net or PHP.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//


On Dec 6, 6:49 am, "Zester" <z...@xxxxxxxxxxxxx> wrote:
What about AspKeepSessionIDSecure property setting? Somebody briefly
suggested that it might be something related cookie security. What does it
do? thanks!

"David Wang" <w3.4...@xxxxxxxxx> wrote in message

news:b45c7e69-6389-4551-b4e4-2741d1587038@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx



On Dec 5, 5:42 pm, "Zester" <z...@xxxxxxxxxxxxx> wrote:
Hi,

Is there a way to enable "security" cookie property? Someone mentioned
to
me that we can make an application's cookie more secure that way. I
assume
that it's a setting in IIS. I'm running version 6. thanks!

What you are asking for is specific to your application framework
(ASP, ASP.Net, PHP, etc) and actually has nothing to do with IIS.
Thus, there will never be a setting in IIS for what you are asking
for. It will always be a setting within your application framework.

IIS is an HTTP server, which is supposed to be stateless, which means
that it does not care about stateful things like cookies nor how
secure they are being used (IIS can ensure secure transport of the
cookie data, but it has no way nor reason to ensure the security of
the cookie data itself nor how that data is used).

//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//- Hide quoted text -

- Show quoted text -

.