secure session cookie in servicestack

Can anyone tell me how to get ServiceStack to use secure attribute on the session cookies so that the cookie is only sent on https based requests. This is important for helping to prevent session hijacking. My tests so far show that if ServiceStack authentication in done on a https website it still sets the cookies to no be secure meaning if there are any http requests in the site the cookies could be captured.

Is there a setting or config to change this?

Solution

You can use the Config.UseSecureCookies option to tell ServiceStack to add a Secure cookie for SessionIds in HTTPS requests:

SetConfig(new HostConfig { 
  UseSecureCookies = true
});

Math.Sin() gives incorrect value
How to run my python script when the sunOS is start booting
Express-session: not resetting cookie expiration on each request
Getting a stack overflow exception when normalizing a vector
Edit default summary function in R gives error for multiple variables
What was a For loop? Why isn't it needed in R?
How to use download button in shiny and save results in various formats (csv, texte, pdf, spss...)?
Why are there two assignment operators, `<-` and `->` in R?
lm()$assign: what is it?
How to get the value of list(...) in R and S functions
Design matrix for MLM from library(lme4) with fixed and random effects
how to generate elements not included in my sample
Create a matrix with gradually changing values without a for loop
Emacs ESS and S-plus ( S+ ) 8.1 compatability
How to lag date-index in a time-series in R?
Nonlinear regression in R / S
Calling R from S-Plus?