How to enable "Secure" cookie ?

How to enable "Secure" cookie ?

am 06.12.2007 02:42:25 von Zester

Hi,

Is there a way to enable "security" cookie property? Someone mentioned to
me that we can make an application's cookie more secure that way. I assume
that it's a setting in IIS. I'm running version 6. thanks!

Re: How to enable "Secure" cookie ?

am 06.12.2007 05:35:00 von David Wang

On Dec 5, 5:42 pm, "Zester" wrote:
> Hi,
>
> Is there a way to enable "security" cookie property? Someone mentioned to
> me that we can make an application's cookie more secure that way. I assume
> that it's a setting in IIS. I'm running version 6. thanks!


What you are asking for is specific to your application framework
(ASP, ASP.Net, PHP, etc) and actually has nothing to do with IIS.
Thus, there will never be a setting in IIS for what you are asking
for. It will always be a setting within your application framework.

IIS is an HTTP server, which is supposed to be stateless, which means
that it does not care about stateful things like cookies nor how
secure they are being used (IIS can ensure secure transport of the
cookie data, but it has no way nor reason to ensure the security of
the cookie data itself nor how that data is used).


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//

Re: How to enable "Secure" cookie ?

am 06.12.2007 15:49:01 von Zester

What about AspKeepSessionIDSecure property setting? Somebody briefly
suggested that it might be something related cookie security. What does it
do? thanks!



"David Wang" wrote in message
news:b45c7e69-6389-4551-b4e4-2741d1587038@d27g2000prf.google groups.com...
> On Dec 5, 5:42 pm, "Zester" wrote:
>> Hi,
>>
>> Is there a way to enable "security" cookie property? Someone mentioned
>> to
>> me that we can make an application's cookie more secure that way. I
>> assume
>> that it's a setting in IIS. I'm running version 6. thanks!
>
>
> What you are asking for is specific to your application framework
> (ASP, ASP.Net, PHP, etc) and actually has nothing to do with IIS.
> Thus, there will never be a setting in IIS for what you are asking
> for. It will always be a setting within your application framework.
>
> IIS is an HTTP server, which is supposed to be stateless, which means
> that it does not care about stateful things like cookies nor how
> secure they are being used (IIS can ensure secure transport of the
> cookie data, but it has no way nor reason to ensure the security of
> the cookie data itself nor how that data is used).
>
>
> //David
> http://w3-4u.blogspot.com
> http://blogs.msdn.com/David.Wang
> //

Re: How to enable "Secure" cookie ?

am 07.12.2007 07:01:50 von David Wang

Please clarify what you are trying to accomplish and secure. You never
indicated what sort of application you are talking about, nor what you
are trying to secure. Security is a state of awareness that is
constantly in flux and changing, not a bunch of static settings to
configure and bam everything is magically secure.

I mean, someone briefly suggested that turning off the computer may be
related to computer security. Why don't you try that as well? ;-)

You can't just ask about "cookies" and "security" in the general. For
example, AspKeepSessionIDSecure property is specific to ASP
applications and handled by ASP.DLL itself. The property is stored in
the IIS metabase, but it is not a "setting in IIS". It is not
applicable to other application frameworks like ASP.Net or PHP.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//


On Dec 6, 6:49 am, "Zester" wrote:
> What about AspKeepSessionIDSecure property setting? Somebody briefly
> suggested that it might be something related cookie security. What does it
> do? thanks!
>
> "David Wang" wrote in message
>
> news:b45c7e69-6389-4551-b4e4-2741d1587038@d27g2000prf.google groups.com...
>
>
>
> > On Dec 5, 5:42 pm, "Zester" wrote:
> >> Hi,
>
> >> Is there a way to enable "security" cookie property? Someone mentioned
> >> to
> >> me that we can make an application's cookie more secure that way. I
> >> assume
> >> that it's a setting in IIS. I'm running version 6. thanks!
>
> > What you are asking for is specific to your application framework
> > (ASP, ASP.Net, PHP, etc) and actually has nothing to do with IIS.
> > Thus, there will never be a setting in IIS for what you are asking
> > for. It will always be a setting within your application framework.
>
> > IIS is an HTTP server, which is supposed to be stateless, which means
> > that it does not care about stateful things like cookies nor how
> > secure they are being used (IIS can ensure secure transport of the
> > cookie data, but it has no way nor reason to ensure the security of
> > the cookie data itself nor how that data is used).
>
> > //David
> >http://w3-4u.blogspot.com
> >http://blogs.msdn.com/David.Wang
> > //- Hide quoted text -
>
> - Show quoted text -