Secure ASP Session and Forms Authentication cookies

To secure your ASP Session cookie and the Forms Authentication cookie, perform the following steps. Setting 'requireSSL' to true marks each cookie as Secure, so the browser sends it only over HTTPS:
  • Ensure that there is an SSL certificate installed for the Secret Server instance
  • Log in to Secret Server using HTTPS
  • Navigate to the Administration -> Configuration page
  • Click on the ‘Security’ Tab and click the Edit button
  • Check the ‘Force HTTPS/SSL’ checkbox
  • Click the Save button
  • Open the web-cookies.config file in the Secret Server installation folder
    • Set ‘requireSSL’ to true
    • Save and Close the file
  • Open the web-auth.config file in the Secret Server installation folder
    • Set ‘requireSSL’ to true (add the attribute requireSSL="true" to the forms tag if it does not exist)
    • Save and Close the file
  • Recycle the Secret Server application pool
  • Log out of Secret Server and then log in using HTTPS
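
A quick way to confirm the two file edits took effect, as an added example that is not part of the original article or Thycotic's own tooling. The function name Test-RequireSsl is hypothetical, the sample file contents are constructed, and it is an assumption that web-cookies.config holds the standard ASP.NET httpCookies element.

```powershell
# Added example. Sample file contents are constructed for illustration and
# are not copied from a Secret Server installation.
function Test-RequireSsl {
    param(
        [Parameter(Mandatory)] [string] $XmlText,     # contents of the config file
        [Parameter(Mandatory)] [string] $ElementName  # 'httpCookies' or 'forms'
    )
    $doc   = [xml]$XmlText
    $nodes = $doc.SelectNodes("//$ElementName")
    if ($nodes.Count -eq 0) { return 'element-missing' }
    foreach ($node in $nodes) {
        $value = $node.GetAttribute('requireSSL')
        # ASP.NET treats an absent requireSSL as false, so missing is a failure.
        if ([string]::IsNullOrEmpty($value)) { return 'attribute-missing' }
        if ($value -ne 'true') { return 'disabled' }
    }
    return 'ok'
}

# Constructed samples: the state before and after the edits described above.
$samples = [ordered]@{
    'web-cookies.config (before)' = @{ Element = 'httpCookies'; Xml = '<httpCookies httpOnlyCookies="true" requireSSL="false" />' }
    'web-cookies.config (after)'  = @{ Element = 'httpCookies'; Xml = '<httpCookies httpOnlyCookies="true" requireSSL="true" />' }
    'web-auth.config (before)'    = @{ Element = 'forms'; Xml = '<authentication mode="Forms"><forms loginUrl="Login.aspx" /></authentication>' }
    'web-auth.config (after)'     = @{ Element = 'forms'; Xml = '<authentication mode="Forms"><forms loginUrl="Login.aspx" requireSSL="true" /></authentication>' }
}

foreach ($name in $samples.Keys) {
    $result = Test-RequireSsl -XmlText $samples[$name].Xml -ElementName $samples[$name].Element
    '{0,-30} {1}' -f $name, $result
}

# Against a real installation, read the file instead ($InstallDir is a placeholder):
# Test-RequireSsl -XmlText (Get-Content -Raw "$InstallDir\web-cookies.config") -ElementName 'httpCookies'
```

Any result other than ok for either file means the corresponding cookie can still be issued without the Secure flag.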

Article ID: 150, Created On: 3/10/2011, Modified: 5/4/2011
