How to Secure HTTP Cookies?

About

Cookies play a crucial role in web applications running over HTTPS, so securing them is important. On TR7 ASP, you can harden selected cookies by applying the Secure, HttpOnly, and SameSite=Strict flags using the Cookie Encryption action.

  • Secure > The browser sends this cookie only over an HTTPS connection.
  • HttpOnly > The browser uses this cookie only in HTTP requests. JavaScript code running in the page is prevented from accessing it.
  • SameSite=Strict > Protects against Cross-Site Request Forgery (CSRF) attacks by controlling whether a cookie is sent with cross-site requests. With SameSite=Strict, the browser does not send the cookie on cross-site requests.

Interface

Step > 1

Follow "Traffic Manager > Traffic Manipulation > Actions > Add". On the screen that opens, select HTTP Cookie Security as the Action Type, then select the desired Cookie Security Options from the list that opens. Click the Add button to create the Action.

Step > 2

Select "vServices > Related vService" to open the editing screen. On the Details tab, activate Actions and select the Action you created.

Click the Save button to save the changes made to the vService.
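
Once the Action is attached, the Set-Cookie headers returned through the vService can be checked for the three flags described above. The following is an added example, not part of the TR7 documentation or product: the function names are hypothetical and the sample headers are constructed. It parses attributes rather than searching for substrings, so a cookie whose value happens to contain the word "Secure" is not mistaken for a flagged cookie.

```python
def parse_set_cookie(header):
    """Split one Set-Cookie value into (cookie name, {attribute: value})."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, value = part.partition("=")
        # Attribute names are case-insensitive, so normalise them.
        attrs[key.strip().lower()] = value.strip().lower()
    return name, attrs


def missing_flags(header):
    """Return the flags (Secure, HttpOnly, SameSite=Strict) this cookie lacks."""
    _, attrs = parse_set_cookie(header)
    missing = []
    if "secure" not in attrs:
        missing.append("Secure")
    if "httponly" not in attrs:
        missing.append("HttpOnly")
    if attrs.get("samesite") != "strict":
        missing.append("SameSite=Strict")
    return missing


def audit(headers):
    """Map each cookie name to its missing flags (empty list = compliant)."""
    return {parse_set_cookie(h)[0]: missing_flags(h) for h in headers}


# Constructed sample Set-Cookie values (not captured from a real deployment).
SAMPLE = [
    "SESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Strict",
    "lang=en; Path=/; SameSite=Lax",
    "tracking=xyz; Path=/; secure; HTTPONLY",
    "pref=Secure; Path=/",  # "Secure" is the cookie value here, not a flag
]

if __name__ == "__main__":
    for name, missing in audit(SAMPLE).items():
        status = "OK" if not missing else "missing " + ", ".join(missing)
        print(f"{name}: {status}")
```
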