Secure ASP Session and Forms Authentication cookies

Root
In order to secure your ASP Session cookie and the Forms Authentication cookie perform the following steps:
 
  1. Ensure that there is an SSL certificate installed for the instance.
  2. Log in to Secret Server using HTTPS.
  3. Navigate to the Admin > Configuration page
  4. Click on the ‘Security’ Tab and click the Edit button
  5. Check the ‘Force HTTPS/SSL’ checkbox
  6. Click the Save button.
  7. Open the web-cookies.config file in the application installation folder
    • Set ‘requireSSL’ to true
    • Save and Close the file.
  8. Open the web-auth.config file in the application installation folder
    • Set ‘requireSSL’ to true (Add the attribute requireSSL="true" to the forms tag if not exists)
    • Save and Close the file.
  9. Recycle the Secret Server's application pool.

Add Feedback