Mar 06, 2020
May 15, 2020
Closed, Fixed and tested
Prerequisite: In the config file, the user set <httpCookies httpOnlyCookies="true" requireSSL="true" /> .
Steps to reproduce
1) Open a new Incognito window.
2) Check both cookies EPi: NumberOfVisits, ASPNet Session cookie secure, and HTTPOnly flags.
3) Delete the ASPNet Session cookie.
4) Refresh the page.
5) The EPi: NumberOfVisits cookie doesn't have HttpOnly or Secure set.
6) All communication between the application and load balancer and servers is in https.