Secure ASP Session and Forms Authentication cookies

To secure your ASP Session cookie and the Forms Authentication cookie, perform the following steps:
  • Ensure that there is an SSL certificate installed for the Secret Server instance
  • Log in to Secret Server using HTTPS
  • Navigate to the Administration -> Configuration page
  • Click on the ‘Security’ Tab and click the Edit button
  • Check the ‘Force HTTPS/SSL’ checkbox
  • Click the Save button
  • Open the web-cookies.config file in the Secret Server installation folder
    • Set ‘requireSSL’ to true
    • Save and Close the file
  • Open the web-auth.config file in the Secret Server installation folder
    • Set ‘requireSSL’ to true (add the attribute requireSSL="true" to the forms tag if it does not already exist)
    • Save and Close the file
  • Recycle the Secret Server application pool
  • Log out of Secret Server and then log in using HTTPS
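
A way to confirm the two file edits above before recycling the application pool, as an added example that is not part of the original article or the vendor's code. It assumes the files use the standard ASP.NET `httpCookies` and `forms` elements; the XML fragments are constructed samples and `Test-RequireSsl` is a hypothetical helper name.

```powershell
# Added example, not vendor code. Test-RequireSsl is a hypothetical helper name.
function Test-RequireSsl {
    param(
        [Parameter(Mandatory)] [string] $Xml,          # file content as one string
        [Parameter(Mandatory)] [string] $ElementName   # element that carries requireSSL
    )
    $doc = New-Object System.Xml.XmlDocument
    $doc.LoadXml($Xml)
    # local-name() matches the element whether or not a namespace is declared
    $nodes = $doc.SelectNodes("//*[local-name()='$ElementName']")
    if ($nodes.Count -eq 0) { return 'ElementMissing' }
    foreach ($node in $nodes) {
        $value = $node.GetAttribute('requireSSL')      # empty string when absent
        if ([string]::IsNullOrEmpty($value)) { return 'AttributeMissing' }
        if ($value -ne 'true') { return 'Disabled' }
    }
    return 'Enabled'
}

# Constructed sample fragments (assumed shape; not copied from a real installation)
$samples = @(
    @{ File = 'web-cookies.config'; Element = 'httpCookies'
       Xml  = '<httpCookies httpOnlyCookies="true" requireSSL="false" />' },
    @{ File = 'web-auth.config'; Element = 'forms'
       Xml  = '<authentication mode="Forms"><forms loginUrl="Login.aspx" /></authentication>' },
    @{ File = 'web-auth.config (after the edit)'; Element = 'forms'
       Xml  = '<authentication mode="Forms"><forms loginUrl="Login.aspx" requireSSL="true" /></authentication>' }
)

# One result row per sample: Disabled, AttributeMissing, then Enabled
foreach ($s in $samples) {
    [pscustomobject]@{
        File   = $s.File
        Status = Test-RequireSsl -Xml $s.Xml -ElementName $s.Element
    }
}
```

To check a real installation, pass the output of `Get-Content -Raw` for each file in the Secret Server installation folder as `-Xml`.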
