Allow cookie names to be configurable

In order to improve security, it would be beneficial to change cookie names from const to a configurable option. It would help mask the presence of ServiceStack and improve security in accordance with OWASP recommendations - https://www.owasp.org/index.php/Session_Management_Cheat_Sheet#Session_ID_Name_Fingerprinting

6 votes
    Anonymous shared this idea

    1 comment

      • DannyDanny commented

        My reason for needing this is that if you have a ServiceStack site at domain.com, and another one at api.domain.com, the cookies will fight with each other. In Chrome the cookies stay separate, but in IE the cookies will be shared even though no domain is specified on the cookie. I know this to be the case because we had this working fine in Chrome but accessing the system in IE caused each site to log the other one out repeatedly. A discussion on this point and a test script to demonstrate can be found here: https://stackoverflow.com/questions/18492576/share-cookie-between-subdomain-and-domain/44342126#44342126
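An added example, not part of the thread and not ServiceStack code: a check you can run over your own sites' `Set-Cookie` headers to report both issues raised above, framework-revealing default cookie names and the same cookie name being set by a domain and its subdomain. The hosts are the ones named in the comment; the header values are constructed, and `ss-id`, `ss-pid` and `ss-opt` are ServiceStack's default cookie names.

```python
from collections import defaultdict

# Default session cookie names that reveal the framework. The first five are
# the examples given in the OWASP cheat sheet; ss-* are ServiceStack defaults.
DEFAULT_NAMES = {
    "phpsessid": "PHP", "jsessionid": "J2EE", "cfid": "ColdFusion",
    "cftoken": "ColdFusion", "asp.net_sessionid": "ASP.NET",
    "ss-id": "ServiceStack", "ss-pid": "ServiceStack", "ss-opt": "ServiceStack",
}

def related(a, b):
    """True when one host is a subdomain of the other."""
    return a != b and (a.endswith("." + b) or b.endswith("." + a))

def audit(responses):
    """responses: {host: [Set-Cookie header values]}.
    Returns (fingerprints, collisions)."""
    fingerprints, seen = [], defaultdict(set)
    for host, headers in responses.items():
        for header in headers:
            # The cookie name is everything before the first '=' of the first pair.
            name = header.split(";", 1)[0].split("=", 1)[0].strip()
            seen[name].add(host.lower())
            framework = DEFAULT_NAMES.get(name.lower())
            if framework:
                fingerprints.append((host, name, framework))
    collisions = {}
    for name, hosts in seen.items():
        clash = sorted(h for h in hosts if any(related(h, o) for o in hosts))
        if clash:
            collisions[name] = clash
    return sorted(fingerprints), collisions

# Constructed sample headers, as two sites with default names would send them.
SAMPLE = {
    "domain.com": ["ss-id=AAAA1111; path=/; HttpOnly",
                   "ss-pid=BBBB2222; path=/; HttpOnly"],
    "api.domain.com": ["ss-id=CCCC3333; path=/; HttpOnly"],
    "static.example.net": ["theme=dark; path=/"],
}

if __name__ == "__main__":
    found, clashes = audit(SAMPLE)
    for host, name, framework in found:
        print(f"{host}: cookie '{name}' identifies {framework}")
    for name, hosts in clashes.items():
        print(f"'{name}' is set by related hosts: {', '.join(hosts)}")
```

With configurable names, each site could use its own neutral cookie name and both reports would come back empty.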
