IIS Retail set to True

One handy deployment tip is to set IIS retail mode to true in Machine.config:

<system.web>
  <deployment retail="true"/>
</system.web>

This disables tracing output and debug mode and also forces custom errors to On. Note if you are trying to debug a problem on a web server using CustomErrors set to RemoteOnly and it is not working this […]

RequireSSL – Marking Cookies As Secure

If your site always intends to serve its content over HTTPS/SSL, then the cookies in every request that passes between the browser and the web server will be encrypted. Excellent – no one monitoring or sniffing the traffic can see the cookie value. However, even if you intend to always use HTTPS, if ANY content is supplied over HTTP (JavaScript files, images, […]

Mark Cookies as HTTPONLY

Marking your cookies as HTTPONLY means that JavaScript code running in most browsers cannot access a user’s cookies. This is important because, if a hacker does manage to compromise your site and inject JavaScript, it may be possible for the hacker to steal the values of cookies (including security cookies). If HTTPONLY is set on the cookies […]