How to mark “S_pers” and “s_sess” cookies as secure in ASP.NET?
Question
There are three cookies getting generated when I open my website "ASP.NET_SessionId", "S_pers" and "s_sess" .
I'm able to make "ASP.NET_SessionId" as secure by using the following line in web.config
<httpCookies requireSSL="true" />
But other cookies are still not secured. How can I secure the other cookies "S_pers" and "s_sess" in ASP.NET?
1 answers
solution1
0 ACCPTED 2016-12-02 00:01:02
If they are set from OmnitureAnalytics.js, .NET has nothing to do with them. Also as they are set on the client from Javascript, any server setting is irrelevant.
OmnitureAnalytics should be able to set its cookies as secure. If it cannot, you can't easily do much about it (apart from changing OmnitureAnalytics.js, which you probably don't want to do).
From your perspective it sounds more like a 3rd party security decision - are you willing to accept the risk or not (this should depend on things like what is in those cookies, what happens if an attacker learns those cookie values, etc.)
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.