I have a website in DNN 8.00.04. Within this site I have 5 portals.
In the main portal all my cookies are secure and http only. But on the other 4 portals they are not.
I have looked at the community of DNN but found nothing relevant. How can i make sure that they are all secure ?
- The 'tankpas_cookie_accept' is a cookie I create in code and is set to secure and httpOnly.
- For the ASP.NET_SessionId I have used the following article to refresh the id: Generating a new ASP.NET session in the current HTTPContext
But the other cookies are DNN cookies wich I don't know how to set them secure.
I allready tried to make the portal ssl enabled through: Host - Site Management - (the portal) - Advanced setting - SSL Settings
SSL Enabled: checked SSL Enforced: checked
--EDIT-- changing the webconfig from
<httpCookies httpOnlyCookies="true" requireSSL="false" domain="" />
to
<httpCookies httpOnlyCookies="true" requireSSL="true" domain="" />
Changing this however made the admin portal unavailable.
-- Edit 2-- Adding the following gives me a 505 Error when trying to open the site.
<rewrite>
<outboundRules>
<rule name="Add Strict-Transport-Security when HTTPS" enabled="true">
<match serverVariable="RESPONSE_Strict_Transport_Security" pattern=".*" />
<conditions>
<add input="{HTTPS}" pattern="on" ignoreCase="true" />
</conditions>
<action type="Rewrite" value="max-age=31536000; includeSubDomains; preload" />
</rule>
</outboundRules>
</rewrite>
Thx