Developer forum

Forum » CMS - Standard features » Cookie: Dynamicweb.SessionVisitor not set as secure or httponly

Cookie: Dynamicweb.SessionVisitor not set as secure or httponly

Anders Ebdrup
Anders Ebdrup
Reply

Dear Dynamicweb,

 

We are experiencing that the cookie Dynamicweb.SessionVisitor is not set as secure or httponly no matter our settings in the backend.

Can you please try to look into that?

 

Best regards,

Anders


Replies

 
Morten Bengtson Dynamicweb Employee
Morten Bengtson
Reply

Hi Anders,

I can see that there is something weird going on with that cookie. I will take a closer look at it.

Best regards,
Morten

 
Kristian Kirkholt Dynamicweb Employee
Kristian Kirkholt
Reply

Hi Anders

Problem solved in Package Dynamicweb.Environment.Web version 3.1.1

or in Dynamicweb version 9.9.0

Kind Regards
Dynamicweb Support
Kristian Kirkholt

 

 
Jose Caudevilla
Reply

Hi Kristian,

I updated the Dynamicweb version to 9.9.6 and still having the same problem as Anders. No matter what if the cookies are secure or not.

Somethimes the monitor returns the following message: 

2021-02-19 09:14:30.205: A potentially dangerous Request.Cookies value was detected from the client (Dynamicweb.SessionVisitor="...rDynamics=<dynamics><growth ta...").
System.Web.HttpRequestValidationException (0x80004005): A potentially dangerous Request.Cookies value was detected from the client (Dynamicweb.SessionVisitor="...rDynamics=<dynamics><growth ta...").
at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection)

 

What do you think could be happening?

 

Thanks, 

Jose.

 

 

You must be logged in to post in the forum