Section 1.1.2
Top Level
Sub Level
General
Restrict the forms authentication cookie to HTTPS by using the requireSSL attribute.
Coldfusion
In the <cfcookie> tag, set the "secure" attribute to "yes". If the browser does not support Secure Sockets Layer (SSL) security, the cookie is not sent. To use the cookie, the page must be accessed using the https protocol.
yes: Variable must be transmitted securely.
Django
The authentication session cookie can be marked secure by setting SESSION_COOKIE_SECURE to True (it defaults to False).
Natural Webagent
This is handled automatically when using EID authentication.
PHP
Under Apache you may force the SSL requirement with the following directive:
<Directory /path>
    SSLRequireSSL
</Directory>
On IIS this setting is handled in the "Web site properties" under "Directory Security."
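
Whichever platform is in use, the result can be checked the same way: the Set-Cookie header for the authentication cookie must carry the Secure attribute. The following check is an added example, not part of the original checklist; the header lines, cookie values and function names are constructed for illustration.

```python
"""Audit Set-Cookie headers for the Secure attribute (added example)."""

# Constructed sample headers; cookie values are made up.
SAMPLE_HEADERS = [
    "sessionid=abc123; HttpOnly; Path=/; SameSite=Lax",
    "sessionid=abc123; HttpOnly; Path=/; SameSite=Lax; Secure",
    ".ASPXAUTH=9F2C; path=/; secure; HttpOnly",
    "CFID=1001; Path=/; Expires=Wed, 01 Jan 2031 00:00:00 GMT",
    "PHPSESSID=secure; path=/",  # the value "secure" is not the attribute
]


def parse_set_cookie(header):
    """Return (name, value, attrs); attrs maps lowercased attribute names to values."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue  # tolerate a trailing ';'
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def is_secure(header):
    """True only if Secure appears as an attribute, in any letter case."""
    return "secure" in parse_set_cookie(header)[2]


def insecure_cookies(headers, watched=None):
    """Names of cookies set without Secure; if watched is given, check only those names."""
    findings = []
    for header in headers:
        name, _, attrs = parse_set_cookie(header)
        if watched is not None and name not in watched:
            continue
        if "secure" not in attrs:
            findings.append(name)
    return findings


if __name__ == "__main__":
    for name in insecure_cookies(SAMPLE_HEADERS):
        print(f"cookie {name!r} is set without the Secure attribute")
```

Feed it the Set-Cookie lines captured from a login response; any name it returns is a cookie the browser will also send over plain HTTP.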