httpOnly attribute and Out of the box SharePoint workflow

HTTPOnlyCookies attribute is a good security control but if you enable it in SharePoint it will prevent or cause an error when you are creating out of the box SharePoint workflows.

Error :

“Application error when access /_layouts/15/CstWrkflIP.aspx, Error=Value cannot be null. ….”

Fix:

Remove this attribute httpOnlyCookies=”true”¬†from web.config and accept the risk or extend the SharePoint web application and only remove it from internal access website.