Changing Sitecore Cookie Config as HttpOnly


I'm new to Sitecore. For my new project, I need to make a few customizations in cookie creation.

I just found that with a custom processor, I can change an existing cookie's HttpOnly value to 'true'. But is there any way to force Sitecore to create cookies with HttpOnly as 'true'? I'm using Sitecore 10.

Config Patch

    <processor patch:before="processor[@type='Sitecore.Pipelines.HttpRequest.ItemResolver, Sitecore.Kernel']"
         type="MySCProject.Foundation.SitecoreExtensions.Pipelines.HttpRequestBegin.CookieProcessor, MySCProject.Foundation.SitecoreExtensions" />

Custom Processor

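    using System.Web;
    using Sitecore.Pipelines.HttpRequest;

    public class CookieProcessor : HttpRequestProcessor
    {
        public override void Process(HttpRequestArgs args)
        {
            // Read the cookie the browser sent back with this request.
            var cookie = HttpContext.Current.Request.Cookies["shell#lang"];
            if (cookie != null)
            {
                // Re-issue it with HttpOnly so client-side script cannot read it.
                // Request cookies carry only name and value, so the re-issued cookie
                // gets default attributes (for example, no Expires) unless set here.
                cookie.HttpOnly = true;
                HttpContext.Current.Response.Cookies.Add(cookie);
            }
        }
    }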


There is 1 best solution below

Alexander

You can set the httpOnlyCookies attribute to true in the httpCookies element within the web.config file under webroot.

    <httpCookies httpOnlyCookies="true" />

and make sure it is compatible with all your requirements.
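
As an added example (not part of the answer above and not Sitecore's own code), a standard ASP.NET IHttpModule can enforce the flag on every outgoing cookie, including cookies that code creates with an explicit HttpOnly = false, which overrides the web.config default. The namespace, the class name and the ScriptReadable exemption list are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Web;

namespace MySCProject.Foundation.SitecoreExtensions.Modules // hypothetical namespace
{
    // Added example: forces HttpOnly on every cookie queued for the response.
    public class HttpOnlyCookieModule : IHttpModule
    {
        // Assumption: names of cookies that client-side script must still read.
        // Empty by default, so every cookie is marked HttpOnly.
        private static readonly HashSet<string> ScriptReadable =
            new HashSet<string>(StringComparer.OrdinalIgnoreCase);

        public void Init(HttpApplication application)
        {
            // EndRequest fires after handlers and pipelines have added their
            // cookies, while the buffered response headers can still change.
            application.EndRequest += OnEndRequest;
        }

        private static void OnEndRequest(object sender, EventArgs e)
        {
            HttpResponse response = ((HttpApplication)sender).Response;

            // Iterate by index: the string indexer on a response cookie
            // collection creates a cookie when the name is missing, and it
            // returns only the first of several cookies sharing a name.
            for (int i = 0; i < response.Cookies.Count; i++)
            {
                HttpCookie cookie = response.Cookies[i];
                if (cookie == null || ScriptReadable.Contains(cookie.Name))
                {
                    continue;
                }
                cookie.HttpOnly = true;
            }
        }

        public void Dispose()
        {
            // No unmanaged resources to release.
        }
    }
}
```

Register the module under system.webServer/modules in web.config alongside the httpCookies setting. Any cookie named in ScriptReadable stays visible to document.cookie, so keep that list as short as possible.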