session cookie secure

session cookie secure

claytondonahue
Hi all,


We are trying to enable the "session cookie secure" option in Active4D.ini, but seem to be running into some difficulties. Once this change has been made, we no longer have any session cookies being set, as confirmed through the Chrome inspector.


We are admittedly running an older flavor of Active 4D (6.1r14) and 4D (14.6). Windows server.


Setting the debug log level to "debug" shows that the "session cookie secure" option is set to "true" in the startup logs.


We do explicitly set a "session cookie domain"; "session cookie path" and "session var name" are set to the default values.


Are there any known issues with this option or is there something else in the setup we should be considering?


Thanks!


- Clayton
<https://www.ivantagehealth.com/>
_______________________________________________
Active4D-dev mailing list
[hidden email]
http://list.aparajitaworld.com/listinfo/active4d-dev
Archives: http://active4d-nabble.aparajitaworld.com/

Re: session cookie secure

Aparajita Fishman
Is the request itself over https? As the Active4D docs point out:

> Note: If the session cookie secure configuration option is true and the request is not secure, the session cookie will not be sent even if one of the above conditions is met.

All the best,

  - Aparajita

> On Oct 26, 2017, at 1:31 PM, Clayton Donahue <[hidden email]> wrote:
>
> Hi all,
>
>
> We are trying to enable the "session cookie secure" option in Active4D.ini, but seem to be running into some difficulties. Once this change has been made, we no longer have any session cookies being set, as confirmed through the Chrome inspector.
>
>
> We are admittedly running an older flavor of Active 4D (6.1r14) and 4D (14.6). Windows server.
>
>
> Setting the debug log level to "debug" shows that the "session cookie secure" option is set to "true" in the startup logs.
>
>
> We do explicitly set a "session cookie domain"; "session cookie path" and "session var name" are set to the default values.
>
>
> Are there any known issues with this option or is there something else in the setup we should be considering?
>
>
> Thanks!
>
>
> - Clayton
> <https://www.ivantagehealth.com/>

Re: session cookie secure

claytondonahue
Hi Aparajita,

Thanks for the quick reply. Yes, this request is over SSL. At first we thought the issue was due to a self-signed certificate, but verified that it was still an issue on a third-party cert.

That being said ... on further investigation this is behind a proxy server that is handling the SSL connection, and communicating with 4D over http.  My guess is that's the issue at play.

Thanks again,

- Clayton

-----Original Message-----
From: Active4D-dev [mailto:[hidden email]] On Behalf Of Aparajita Fishman
Sent: Thursday, October 26, 2017 5:20 PM
To: Active4D Developer Discussion List <[hidden email]>
Subject: Re: [Active4d-dev] session cookie secure

Is the request itself over https? As the Active4D docs point out:

> Note: If the session cookie secure configuration option is true and the request is not secure, the session cookie will not be sent even if one of the above conditions is met.

All the best,

  - Aparajita


Re: session cookie secure

Aparajita Fishman
If the connection to 4D is http, then as far as Active4D is concerned it is a non-secure connection and it won’t accept a secure cookie. You’ll have to reconfigure the proxy to use SSL.

All the best,

  - Aparajita

> On Oct 27, 2017, at 9:43 AM, Clayton Donahue <[hidden email]> wrote:
>
> Hi Aparajita,
>
> Thanks for the quick reply. Yes, this request is over SSL. At first we thought the issue was due to a self-signed certificate, but verified that it was still an issue on a third-party cert.
>
> That being said ... on further investigation this is behind a proxy server that is handling the SSL connection, and communicating with 4D over http.  My guess is that's the issue at play.
>
> Thanks again,
>
> - Clayton
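
The failure discussed in this thread, as an added example that is not from the thread or from Active4D: a small Python model of the documented rule, plus a check that classifies what the browser would see for each proxy topology. The cookie name `SESSIONID`, the function names and the sample session id are assumptions; the thread does not state the default "session var name".

```python
from http.cookies import SimpleCookie

# Hypothetical cookie name: the thread only says "session var name" is at its default.
SESSION_COOKIE = "SESSIONID"


def backend_set_cookie(hop_scheme, cookie_secure, session_id):
    """Model of the documented rule: with 'session cookie secure' true,
    no session cookie is sent when the request the backend sees is not secure."""
    if cookie_secure and hop_scheme != "https":
        return None
    header = f"{SESSION_COOKIE}={session_id}; Path=/; HttpOnly"
    return header + "; Secure" if cookie_secure else header


def diagnose(client_scheme, hop_scheme, cookie_secure, set_cookie_headers):
    """Classify the session cookie as the browser would observe it."""
    jar = SimpleCookie()
    for header in set_cookie_headers:
        jar.load(header)
    morsel = jar.get(SESSION_COOKIE)
    if morsel is None:
        if cookie_secure and client_scheme == "https" and hop_scheme == "http":
            return "missing: TLS ends at the proxy, backend hop is plain http"
        if cookie_secure and client_scheme == "http":
            return "missing: request itself is not https"
        return "missing: unrelated to the secure option"
    if not morsel["secure"]:
        return "present without Secure: cookie can travel over plain http"
    return "ok: session cookie set with Secure"


def observe(client_scheme, hop_scheme, cookie_secure):
    """Run one topology: browser -> proxy (client_scheme) -> backend (hop_scheme)."""
    header = backend_set_cookie(hop_scheme, cookie_secure, "constructed-id-123")
    return diagnose(client_scheme, hop_scheme, cookie_secure,
                    [header] if header else [])


if __name__ == "__main__":
    # Constructed topologies: the thread's setup, the suggested fix, and the
    # option switched off.
    for case in [("https", "http", True), ("https", "https", True),
                 ("https", "http", False)]:
        print(case, "->", observe(*case))
```
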