Latest update: 7.1.4
Configuring Secure Session Cookies
When using HTTPS, mark all your cookies as secure, so that browsers only transmit them over HTTPS connections.
This flag is useful for sites that allow both HTTPS and HTTP traffic, because it prevents a redirect to HTTP from carrying session cookies over an unencrypted connection.
To Configure the Secure Flag
In the AM console, go to Configure > Server Defaults > Security > Cookie.
Enable the Secure Cookie switch, and save your changes.
Restart AM or the container where it runs.
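To confirm the change after the restart, check the Set-Cookie headers AM returns. The following is an added example, not code from AM or this guide: it parses saved response headers and lists cookies that lack the Secure attribute. The sample headers are constructed; iPlanetDirectoryPro is assumed to be the session cookie name (AM's default), and examplecookie is a hypothetical second cookie.

```python
# Added example: audit Set-Cookie response headers for the Secure attribute.
# Matching is done on parsed attribute names, not on substrings, so a cookie
# whose value happens to contain the word "secure" is not mistaken for a
# cookie that carries the attribute.


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (cookie name, set of attribute names)."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Everything after the first ';' is an attribute. Attribute names are
    # case-insensitive, so normalise them to lower case.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def cookies_missing_secure(raw_headers):
    """Return the names of cookies set without Secure, in order of appearance."""
    missing = []
    for line in raw_headers.splitlines():
        field, sep, value = line.partition(":")
        if not sep or field.strip().lower() != "set-cookie":
            continue  # status line, blank line, or another header
        name, attrs = parse_set_cookie(value)
        if "secure" not in attrs:
            missing.append(name)
    return missing


# Constructed sample: headers as they might look before the switch is enabled.
BEFORE = """HTTP/1.1 200 OK
Content-Type: application/json
Set-Cookie: iPlanetDirectoryPro=abc-secure-123; Path=/; Domain=example.com; HttpOnly
Set-Cookie: examplecookie=01; Path=/; Domain=example.com
"""

# Constructed sample: headers as they might look after the restart.
AFTER = """HTTP/1.1 200 OK
Content-Type: application/json
Set-Cookie: iPlanetDirectoryPro=abc-secure-123; Path=/; Domain=example.com; secure; HttpOnly
Set-Cookie: examplecookie=01; Path=/; Domain=example.com; Secure
"""

if __name__ == "__main__":
    print("before:", cookies_missing_secure(BEFORE))
    print("after: ", cookies_missing_secure(AFTER))
```

An empty list means every cookie in the response carries the Secure attribute.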