I want to make sure that session-related cookie data is sent over secure channels. How can I do this?
How to set the "secure" flag for session cookies?
Modified on 2025-06-10 15:07:44 +0200
Attention: This article is a record of a conversation with the Paessler support team. The information in this conversation is not updated to preserve the historical record. As a result, some of the information or recommendations in this conversation might be out of date.
Disclaimer:
The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.
The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.
This article applies as of PRTG 20.3.60
Force "secure" flag for HTTP cookies
As of PRTG 20.3.60, PRTG provides the option to force the "secure" flag for HTTP cookies. The corresponding registry key option allows you to do this. It is not mandatory, however, if you do not configure the registry hack, cookies will not have the "secure" flag set. Forcing the flag is especially necessary if you use SSL offloading.
Important: If you enable this registry hack, clients that reach the PRTG web server without HTTPS, either directly or behind the load balancer, will not be able to stay logged in to PRTG because the authentication cookie will not work.
Steps to take
Caution: Back up your system before you manipulate the Windows registry!
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Paessler\PRTG Network Monitor\Server\WebserverHKEY_LOCAL_MACHINE\SOFTWARE\Paessler\PRTG Network Monitor\Server\WebserverPRTG now forces the "secure" flag for HTTP cookies.
Mar, 2021 - Permalink