Creates a more robust cookie with the __Secure- prefix and increases the acceptance of compatible browsers.
This prefix is the more relaxed in terms of the restrictions it applies but is still useful. You simply prefix your cookie and a compliant browser will enforce it:
Set-Cookie: __Secure-sess=123; path=/; Secure
The __Secure- prefix signals to the browser that the Secure attribute is required.
In addition, the problem that you cannot log in to the admin area via a non-HTTPS connection has been fixed. Reported by @prbt2016 in #371. Many thanks also at this point. Also #375 was created as a suggestion.
Fixes #155
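The enforcement described above, as an added example that is not code from this pull request or project: it emulates the checks a compliant browser applies to a Set-Cookie header, including the case where the response arrives over plain HTTP. The function names and return shape are hypothetical, the sample headers are constructed, and the stricter `__Host-` prefix is included as a generalization beyond what this page covers.

```javascript
// Added example: emulates cookie-prefix enforcement in a compliant browser.
// parseSetCookie / checkSetCookie are hypothetical helpers, not a browser API.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const name = eq === -1 ? "" : pair.slice(0, eq);
  const attrs = new Map(); // attribute names are case-insensitive
  for (const part of rest) {
    if (!part) continue;
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs.set(key, i === -1 ? "" : part.slice(i + 1).trim());
  }
  return { name, attrs };
}

function checkSetCookie(header, fromSecureOrigin) {
  const { name, attrs } = parseSetCookie(header);
  // Assumption: the prefix is compared case-insensitively (the stricter reading).
  const lower = name.toLowerCase();
  const securePrefix = lower.startsWith("__secure-");
  const hostPrefix = lower.startsWith("__host-");
  // A cookie carrying Secure is ignored when it arrives over plain HTTP.
  if (attrs.has("secure") && !fromSecureOrigin)
    return { accepted: false, reason: "Secure cookie from non-HTTPS origin" };
  // Either prefix without the Secure attribute is dropped.
  if ((securePrefix || hostPrefix) && !attrs.has("secure"))
    return { accepted: false, reason: "prefix requires Secure attribute" };
  // __Host- additionally pins the cookie to the exact host and root path.
  if (hostPrefix && (attrs.has("domain") || attrs.get("path") !== "/"))
    return { accepted: false, reason: "__Host- requires Path=/ and no Domain" };
  return { accepted: true, reason: "ok" };
}

// Constructed sample headers: [header, response came over HTTPS?]
const samples = [
  ["__Secure-sess=123; path=/; Secure", true],
  ["__Secure-sess=123; path=/; Secure", false],
  ["__Secure-sess=123; path=/", true],
  ["sess=123; path=/", false],
];
for (const [header, https] of samples) {
  const r = checkSetCookie(header, https);
  console.log(`${https ? "https" : "http "} | ${header} -> ${r.reason}`);
}
```

The second and third samples are the cases to test for when a prefixed session cookie is introduced: over plain HTTP, or without `Secure`, the browser silently discards the cookie and no session is established.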