I’m hosting applications on Galaxy and I’m wondering if it is possible to force the galaxy-sticky cookie to “secure”. I have my applications set to force SSL so I don’t believe that there is a significant security risk, however, this cookie is flagged in some of our security scans as non-compliant.
This just popped up for me - did you end up finding a fix?
No. I’ll submit a support ticket today and update this thread if we figure it it.
This is the response I received from MDG:
I put it on my todo list to learn a bit more about the security concerns around this cookie setting. For now, I’m satisfied with the answer I received.