Prevention of Cookie Manipulation in Application

0
Dear Expert Developers,

In our current project, our team is working on enhancing the security of our application by preventing cookie manipulation on an On-Premises server. We would like to inquire if it is possible to implement such a security measure within a Mendix-based application. If this is feasible, could you please provide a detailed, step-by-step process to achieve this? Thank you in advance for your guidance and support.

Edit: In this, I want to enable HttpOnly with Secure, and SameSite should be Strict.
asked
2 answers
1

Mendix provides security out-of-the-box. Check out the evaluation guide.

answered
0

Hi Syed,

Mendix does not provide a built-in way to directly configure cookie flags such as Secure, HttpOnly, or SameSite. However, if you're running your Mendix application on an On-Premises setup, you can control and enhance cookie security by configuring these attributes at the reverse proxy level — typically IIS, NGINX, or Apache.

Ensure HTTPS Is Properly Configured

  • Install a valid SSL certificate from a trusted certificate authority (avoid self-signed certificates for production).

  • Bind your Mendix application site to HTTPS in IIS.

  • Mendix provides a helpful security checklist for On-Prem installations here: Security Checklist for On-Premises Installation

- Prasanna

answered
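Once the reverse proxy has been configured as the answer above describes, the result can be checked by inspecting the `Set-Cookie` headers it returns. The following is an added example, not part of the original answers or of Mendix itself; the cookie names and values in `SAMPLE` are constructed for illustration.

```python
"""Audit Set-Cookie headers for Secure, HttpOnly and SameSite=Strict."""


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, {attribute_lowercase: value})."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:  # parts[0] is name=value, never an attribute
        if not part:
            continue
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs


def missing_flags(header):
    """Return (cookie name, required attributes this Set-Cookie value lacks)."""
    name, attrs = parse_set_cookie(header)
    missing = []
    if "secure" not in attrs:
        missing.append("Secure")
    if "httponly" not in attrs:
        missing.append("HttpOnly")
    # SameSite=Lax or None does not satisfy the Strict requirement.
    if attrs.get("samesite", "").lower() != "strict":
        missing.append("SameSite=Strict")
    return name, missing


def audit(headers):
    """Map cookie name -> missing attributes, only for cookies that fail."""
    report = {}
    for header in headers:
        name, missing = missing_flags(header)
        if missing:
            report[name] = missing
    return report


# Constructed sample headers (names and values are made up for this example).
SAMPLE = [
    "EXAMPLE_SESSION=abc123; Path=/; Secure; HttpOnly; SameSite=Strict",
    "EXAMPLE_PREFS=secure; Path=/; httponly; SameSite=Lax",  # value "secure" is not the flag
    "EXAMPLE_TRACK=1; Path=/",
]

if __name__ == "__main__":
    for cookie, flags in audit(SAMPLE).items():
        print(f"{cookie}: missing {', '.join(flags)}")
```

Pass it the `Set-Cookie` values captured from a response that went through the proxy over HTTPS; an empty report means every cookie carries all three attributes.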