Hi Syed,
Mendix does not provide a built-in way to directly configure cookie flags such as Secure, HttpOnly, or SameSite. However, if you're running your Mendix application on an On-Premises setup, you can control and enhance cookie security by configuring these attributes at the reverse proxy level — typically IIS, NGINX, or Apache.
Ensure HTTPS Is Properly Configured
Install a valid SSL certificate from a trusted certificate authority (avoid self-signed certificates for production).
Bind your Mendix application site to HTTPS in IIS.
Mendix provides a helpful security checklist for On-Prem installations here: Security Checklist for On-Premises Installation
- Prasanna
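One way to confirm that the reverse proxy is actually adding the flags discussed in the answer above, as an added example that is not part of the original post: a small Python audit of `Set-Cookie` header values. The cookie names and values are constructed sample data, and the function names are hypothetical.

```python
# Added example: audit Set-Cookie headers for Secure, HttpOnly and SameSite.
# Cookie names and values below are constructed sample data.

REQUIRED = ("secure", "httponly", "samesite")
VALID_SAMESITE = {"strict", "lax", "none"}


def parse_set_cookie(header):
    """Return (cookie_name, {lowercased_attribute: value_or_True})."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, sep, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip() if sep else True
    return name, attrs


def audit_cookie(header):
    """Return (cookie_name, findings); an empty findings list means OK."""
    name, attrs = parse_set_cookie(header)
    findings = [f"missing {flag}" for flag in REQUIRED if flag not in attrs]
    samesite = attrs.get("samesite")
    if samesite is not None:
        value = str(samesite).lower()
        if value not in VALID_SAMESITE:
            findings.append(f"invalid samesite value {samesite!r}")
        elif value == "none" and "secure" not in attrs:
            # Browsers reject SameSite=None cookies that are not Secure.
            findings.append("samesite=none without secure")
    return name, findings


# Constructed Set-Cookie values: before the proxy change, after it, and a
# misconfigured cross-site cookie.
SAMPLE_HEADERS = [
    "session_before=abc123; Path=/; HttpOnly",
    "session_after=abc123; Path=/; Secure; HttpOnly; SameSite=Strict",
    "prefs=dark; Path=/; SameSite=None",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        name, findings = audit_cookie(header)
        print(name, "OK" if not findings else "; ".join(findings))
```

Replace `SAMPLE_HEADERS` with the `Set-Cookie` values from a response of your own site, captured over HTTPS through the proxy rather than directly from the Mendix runtime.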