HTTPOnlyCookie is enabled by default for Authentication and Sessions cookies in ASP.NET 2.0 but not for manually issued cookies. To enable it for manual issued cookie we need to add following in the web.config.
<httpCookies httpOnlyCookies="true" />
Once we enable the HTTPOnlyCookie on the SharePoint, few things like the default approval workflow for the list will give problem while enablind. We can notice it will add one extra parameter(Infopath_Sentinel=1) in the URL querystring. I am not sure what it is used for, but we cannot create the workflow.
So to avoid this we need te make sure the HTTPOnly cookie need not be enabled from the web.config.
No comments:
Post a Comment