shibboleth-dev - [Shib-Dev] Shib SP secure cookies
Subject: Shibboleth Developers
List archive
- From: Bradley Schwoerer <>
- To:
- Subject: [Shib-Dev] Shib SP secure cookies
- Date: Tue, 09 Nov 2010 12:58:11 -0600
One of our application admins brought it to my attention that even with handlerSSL="true" in the Sessions block for the Shib SP config that it does not by default mark the cookies secure. After researching I found that adding cookieProps="; path=/; secure" in the Sessions block makes it mark the cookies as secure.
Is there a config option that we are not setting properly, or is that by design? Is it possible to change it so that by default with handlerSSL="true" that it sets the secure flag for the cookie?
Thanks
-Bradley
- [Shib-Dev] Shib SP secure cookies, Bradley Schwoerer, 11/09/2010
- RE: [Shib-Dev] Shib SP secure cookies, Scott Cantor, 11/09/2010
- Re: [Shib-Dev] Shib SP secure cookies, Bradley Schwoerer, 11/09/2010
- RE: [Shib-Dev] Shib SP secure cookies, Scott Cantor, 11/09/2010
Archive powered by MHonArc 2.6.16.