Cookie: Dynamicweb.SessionVisitor not set as secure or httponly

Anders Ebdrup

Posted on 30/07/2020 10:47:17

Dear Dynamicweb,

We are experiencing that the cookie Dynamicweb.SessionVisitor is not set as secure or httponly no matter our settings in the backend.

Can you please try to look into that?

Best regards,

Anders

Replies

Morten Bengtson

Posted on 13/08/2020 16:28:22

Hi Anders,

I can see that there is something weird going on with that cookie. I will take a closer look at it.

Best regards,
Morten

Kristian Kirkholt

Posted on 10/09/2020 14:08:27

Hi Anders

Problem solved in Package Dynamicweb.Environment.Web version 3.1.1

or in Dynamicweb version 9.9.0

Kind Regards
Dynamicweb Support
Kristian Kirkholt

Jose Caudevilla

Posted on 19/02/2021 09:57:30

Hi Kristian,

I updated the Dynamicweb version to 9.9.6 and still having the same problem as Anders. No matter what if the cookies are secure or not.

Somethimes the monitor returns the following message:

2021-02-19 09:14:30.205: A potentially dangerous Request.Cookies value was detected from the client (Dynamicweb.SessionVisitor="...rDynamics=<dynamics><growth ta...").
System.Web.HttpRequestValidationException (0x80004005): A potentially dangerous Request.Cookies value was detected from the client (Dynamicweb.SessionVisitor="...rDynamics=<dynamics><growth ta...").
at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection)

What do you think could be happening?

Thanks,

Jose.

You must be logged in to post in the forum

Developer forum

Cookie: Dynamicweb.SessionVisitor not set as secure or httponly

Replies