Cookie security: cookie not sent over SSL

This setting is applicable if the IRC application is SSL enabled.

To set cookies with secured attribute:

  1. Locate the Web.config file from the [IRC_InstallPath] /BizRightsPresentation.
  2. Locate the roleManager xml node in the web.config file.
  3. Add the attribute cookieRequireSSL to the roleManager xml node and the set the value to true.
    For example, <roleManager enabled="true" defaultProvider="BizRightsRoleManager" cacheRolesInCookie="true" createPersistentCookie="false" cookieProtection="All" cookieRequireSSL="true">.
  4. Locate the forms xml node in the web.config file.
  5. Add the attribute requireSSL to the forms xml node and set the value to true.
    For example, <forms name="BRCookie" loginUrl="BizRightsWarning.aspx" protection="All" timeout="365" path="/" requireSSL="true" slidingExpiration="true" />.
  6. Locate the httpCookies xml node in the web.config file.
  7. Add the attribute requireSSL to the httpCookies xml node and set the value to true.
    For example, <httpCookies httpOnlyCookies="true" requireSSL="true" />.
  8. Save the web.config file.