To secure the cookies of SigningHub Admin, make sure the following attributes and values are set for the httpCookies tag under the [SigningHub-Installation-Dir]/admin/web.config file:

 

It should only be enabled when SigningHub Admin is configured to run over SSL.


For the httpCookies tag, make sure to set the requireSSL attribute to true as shown below: 

<httpCookies httpOnlyCookies="true" requireSSL="true" domain=""/>