Hi
I have an SSL application, i want to marked with secure attribute so that it will only be transmitted if the communications channel with the host is via https. If the secure attribute is not specified an attacker or configration error could potentially cause the cookies to be transmitted over the http, and allowing unauthorized acces to the application.
My question is where in the IIS7 i can alter the configration set the "httponly" attribute on all cookies.
The application does not have "httponly"
Thanks