Skip to content

I suggest you ...

← Feature Requests

Allow cookie names to be configurable

In order to improve security it would be beneficial to change cookie names from const to a configurable option. It would help mask the presence of service stack and improve security in accordance with OWASP recommendations - https://www.owasp.org/index.php/Session_Management_Cheat_Sheet#Session_ID_Name_Fingerprinting

7 votes
Vote

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
You have left! (?) (thinking…)
Anonymous shared this idea  ·   ·  Report…  ·  Admin →
How important is this to you?

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Danny commented  ·   ·  Report

    My reason for needing this is that if you have a servicestack site at domain.com, and another one at api.domain.com, the cookies will fight with each other. In Chrome the cookies stay separate, but in IE the cookies will be shared even though no domain is specified on the cooke. I know this to be the case because we had this working fine in Chrome but accessing the system in IE caused each site to log the other one out repeatedly. A discussion on this point and a test script to demonstrate can be found here : https://stackoverflow.com/questions/18492576/share-cookie-between-subdomain-and-domain/44342126#44342126

Feature Requests

Categories

Feedback and Knowledge Base

(thinking…)