Allow flags to be set on the Application Gateway Affinity Cookie
Our security team is telling us that the cookie from the application gateway is failing security scans because the secure and httponly flags are not set.
Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature
Mark Nash commented
Our security team has just highlighted that this is required.
Any update on when this feature will be available?
Fran Vano commented
Do you know if this is already possible to be modified?
Arun Narayanan commented
Restricting cookies by modifying their flags would be a good feature to have,
Are there any updates on this feature?
This is an issue for me too. External Pen test has flagged it and our client insists it's set. How do we do this without spend lots of $$$ on a proprietary product like Fortigate?
same here, our security team highlighted it. Can we have the flags enabled ?