EPiServer.CMS.Core 11.14.2
EPiServer.CMS.Core 11.15.1
Mar 06, 2020
May 15, 2020
CMS Core
Closed, Fixed and tested
Prerequisite: In the config file, the user set <httpCookies httpOnlyCookies="true" requireSSL="true" /> .
Steps to reproduce
1) Open a new Incognito window.
2) Check both cookies EPi: NumberOfVisits, ASPNet Session cookie secure, and HTTPOnly flags.
3) Delete the ASPNet Session cookie.
4) Refresh the page.
5) The EPi: NumberOfVisits cookie doesn't have HttpOnly or Secure set.
6) All communication between the application and load balancer and servers is in https.