after revving component space library to 2.1 the distributed SSO session store cookie (“saml-session”) is being set HttpOnly, but not secure by default. documentation suggests this is unexpected behaviour and am seeking potential solutions to send this cookie securely.
Hi Robert
In later releases the cookie is marked as secure and HTTP only by default.
Please contact us to see if you qualify for a free upgrade.
[quote]
[/quote]
Many thanks for your reply - what release was this change made? - as per documentation (https://www.componentspace.com/Documentation/SAMLv20-Core/ComponentSpace%20SAML%20v2.0%20Developer%20Guide.pdf pg 26) this should be marked secure by default in the current version in use.
This change was made in v2.2.0.
You’ll find the release notes at:
https://www.componentspace.com/documentation/saml-for-asp-net-core/ComponentSpace%20SAML%20for%20ASP.NET%20Core%20Release%20Notes.pdf
[quote][/quote]
This change was made in v2.2.0.
You'll find the release notes at:
https://www.componentspace.com/documentation/saml-for-asp-net-core/ComponentSpace%20SAML%20for%20ASP.NET%20Core%20Release%20Notes.pdf
You'll find the release notes at:
https://www.componentspace.com/documentation/saml-for-asp-net-core/ComponentSpace%20SAML%20for%20ASP.NET%20Core%20Release%20Notes.pdf
Many thanks for your help
You’re welcome.