Our site Sitecore 6.6.0 (rev. 120918) can work through http, as well as https. We also have a security requirement for all cookies to be transmitted over SSL, regardless of whether the website is accessible via http.
We achieved this requirement by using the requireSSL property in web.config, as described here: How to set a security flag in an ASP.NET session cookie?
Our public website works perfectly with this change, and when it is analyzed by Firebug, we see that all cookies are "safe" even when the website is accessed via http.
But the problem is that I try to enter the sitecore administration portal via http, it throws an error The application is configured to issue secure cookies. These cookies require the browser to issue the request over SSL (https protocol). However, the current request is not over SSL. The application is configured to issue secure cookies. These cookies require the browser to issue the request over SSL (https protocol). However, the current request is not over SSL. . The only way to access the sitecore administration portal is through https. Even with https this gives some weird problems. After some time of use, he says that many user administrators are logged in, and I have to kick some of them out to log in. I also cannot access the admin portal remotely.
Why does a public website work with SSL files, but the sitecore administration portal has problems with SSL cookies. Is this possible and incompatible configuration on our site?
source share