< class="prominent-subhead ">

How to enable the secure flag "FedAuth cookie".

This article was created in response to a support issue logged with K2. The content may include typographical errors and may be revised at any time without notice. This article is not considered official documentation for K2 software and is provided "as is" with no warranties.


The user can't enable the secure flag for "FedAuth cookie", resulting in the "requireSSL" to be in a false state. This results in the web.config text file in SmartForm/Designer not to be fully updated.


You cannot enable the "FedAuth cookie" secure flag, but the other secure flags for different cookies are enabled.

Troubleshooting Steps

1. Open your browser and enter your Designer URL e.g. https://k2.denallix.com/Designer.

2. Press F12 to enter the “Inspection page” mode also known as the “Dev Tools”.

3. Locate and click the “Application” element on the tool bar.

4. Navigate to Storage and click on cookie, then click on the first URL just below the “Application” element.

5. You should see three (3) different cookies with their information, namely:
• “AspxAutoDetectCookieSupport”
• “FedAuth”
• “XSRFCookie”

6. In the Secure Column for “FedAuth” you will notice it is not ticked to show that the Secure flag is enabled for FedAuth cookie, but the rest of the cookies should be.

Next, navigate to File (Windows) Explorer and go to the K2 folder (C:\Program Files (x86) \K2\K2 SmartForms Designer). (Usually, it is in the selected drive you choose when installing the K2 application.)

Please do the following:

• Search for the “Web.Config” text file.

• Right-click on the text file to edit, with a text editor of your choice.

• Search for “RequireSSL”. You could use the “Ctrl + F“ function as a search method.

• Where the “requiredSSL” = “false”, change it to “true”.

• If you find a “lock item = true” property on the same line is the “RequireSSL = false”, remove the “lock item = true” property. It’s not needed here. 

• Save your changes and exit the text editor.

• Navigate back to the browser. Refresh the page, clear the cookies, cache your browsing history and other data.

• After repeating these steps the Secure column for “FedAuth “should be checked and if it’s not, restart and repeat the above-mentioned steps.

It is good practice to restart your PC and login again after making these changes, so that they can take affect.