Hello everyone,
I have got a request from one of my clients asking me to add the following flag to OWA's web.config file but I am unable to find the whole flag in the first place.
<httpCookies httpOnlyCookies="true" requireSSL="true"/>
I guess the flag exists in Exchange 2010 but it might changed in 2013.
The traffic can be seen to use HttpOnly without request for SSL on the cookie that Exchange use for authentication on Owa
I would appreciate any suggestion or clarification on this question.
Thanks
HTTP/1.1 302 Found Cache-Control: no-cache, no-store Pragma: no-cache Content-Type: text/html; charset=utf-8 Expires: -1 Location: /owa/auth/errorFE.aspx?httpCode=500 Server: Microsoft-IIS/8.0 request-id: 13687db3-15c2-499e-b103-5b544e9746bf Set-Cookie: ClientId=HBFJMWVUOMMTTS9XLWJW; expires=Wed, 16-Nov-2016 12:20:14 GMT; path=/; HttpOnly X-FEServer: BILEXCHCAS02 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Date: Tue, 17 Nov 2015 12:20:14 GMT Content-Length: 152
Mohammed JH