I have a WSS 3.0 site that uses forms authentication. In addition to my authentication cookie I get a cookie that contains data like this:
2FDiscovery=WorkspaceSiteName=aHR0cDovL3d3dy5rZWxldi5iaXo=&WorkspaceSiteUrl= aHR0cHM6Ly9zdGFnaW5nLWluc2lnaHQubmNqcnMuZ292&WorkspaceSiteTime=MjAwOS 0xMi0xMFQxNDo1ODoxMQ==; path=/_vti_bin/Discovery.asmx;
This cookie does not have the Secure attribute set, even though I have requireSSL="true" in my web.config and the other cookies have the attribute.
I do not know if this cookie originates in WSS or in forms authentication in general.
Does anyone know what the cookie does (or what /_vti_bin/Discovery.asmx does, for that matter) and why the attribute doesn't seem to get picked up from the web.config?
Best Answer
The content of the cookie (
WorkspaceSiteName
,WorkspaceSiteUrl
,WorkspaceSiteTime
) suggests it is used by MS Office to remember the recently used SharePoint Workspaces so it can show it to you when you like to save a document in MS Word for example. I haven't verified this though. In my experience, the cookie has a persistence period of 30 days, which would mean that MS Office remembers the workspaces you have visited the last 30 days.Regarding your
requireSSL=true
entry inweb.config
not being picked up, in whichweb.config
did you put the entry? Theweb.config
at the root of your web site (in thec:\inetpub\wwwroot\wss\virtualdirectories\<sitename>
folder) is the wrongweb.config
!_vti_bin
is configured as a virtual directory in IIS and maps to the physical pathC:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\isapi
. There is a seperateweb.config
in that location.