#1 2025-01-20 11:12:38

itSDS
Member
From: Germany
Registered: 2014-04-24
Posts: 519

How to Set secure attribute in cookie of MVC Application

Hi Arnaud, we are asked to set the Secure attribute for cookies. Is this possible with m2, and how?
ty


Rad Studio 12.1 Santorini

Offline

#2 2025-01-20 11:55:16

itSDS
Member
From: Germany
Registered: 2014-04-24
Posts: 519

Re: How to Set secure attribute in cookie of MVC Application

One other question in this context: is it possible to encrypt the traffic from the client, using the SynCrossPlatform client, to the m2 server without using SSL?

As SSL can be compromised with man-in-the-middle attacks.


Rad Studio 12.1 Santorini

Offline

#3 2025-01-20 12:49:12

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,793
Website

Re: How to Set secure attribute in cookie of MVC Application

1) Please try
https://github.com/synopse/mORMot2/commit/f7137f47d

2) There is no such feature in the SynCrossPlatform client.
To mitigate a MiM attack, you can force mutual authentication of both ends. This is the standard and proven way of fully securing an HTTPS link.

Offline
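
Added example, not part of the thread and not mORMot 2 code: a small Python audit of `Set-Cookie` header values that can be used to confirm the server really emits the Secure attribute once it is enabled. The header values are constructed samples, and the SameSite=None and cookie-prefix checks go slightly beyond what the thread asks.

```python
# Audit Set-Cookie header values for the Secure attribute.
# SAMPLE holds constructed header values, not output captured from mORMot 2.

def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, attributes keyed in lowercase)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs

def audit_cookie(value):
    """Return (cookie name, list of findings) for one Set-Cookie value."""
    name, attrs = parse_set_cookie(value)
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure")
        # Browsers reject SameSite=None cookies that lack Secure.
        if attrs.get("samesite", "").lower() == "none":
            findings.append("SameSite=None requires Secure")
        # Prefixed cookies are only accepted when Secure is present.
        if name.startswith(("__Secure-", "__Host-")):
            findings.append("prefix requires Secure")
    if name.startswith("__Host-") and (attrs.get("path") != "/" or "domain" in attrs):
        findings.append("__Host- requires Path=/ and no Domain")
    return name, findings

def audit_headers(values):
    """Map cookie name -> findings, keeping only cookies that have findings."""
    return {name: f for name, f in map(audit_cookie, values) if f}

SAMPLE = [
    "SESSION=abc123; Path=/; HttpOnly",
    "SESSION2=def456; Path=/; HttpOnly; Secure",
    "track=1; SameSite=None",
    "__Host-id=xyz; Secure; Path=/app",
]

if __name__ == "__main__":
    for name, findings in audit_headers(SAMPLE).items():
        print(name, "->", ", ".join(findings))
```
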

#4 2025-01-20 13:57:35

itSDS
Member
From: Germany
Registered: 2014-04-24
Posts: 519

Re: How to Set secure attribute in cookie of MVC Application

Hi Arnaud, sounds good. Is there an example of mutual authentication available?


Rad Studio 12.1 Santorini

Offline

#5 2025-01-20 16:32:32

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,793
Website

Re: How to Set secure attribute in cookie of MVC Application

Not with the SynCrossPlatform client directly yet.
It depends on the HTTPS client unit used.

Offline
