Secure Cookies in ASP.NET not adding a secure Flag

Question

I have created a asp.net project Created a new HTTPCookie,i want to add a secure flag to it when my connect is secure Below is my Code

var responseCookie = new HttpCookie(Test)
        {
            HttpOnly = true,
            Value = asdasdhoi234
        };
        if (FormsAuthentication.RequireSSL && Request.IsSecureConnection)
        {
            responseCookie.Secure = true;
        }
       Response.Cookies.Set(Test);

But the cookie is still not secure ,i am not understanding the problem.

In my httpsHeaders it still does not show my secure cookies My domain is https but still my cookies are not secure.

Answer 1

new HttpCookie constructor takes a string as an argument. Hence I suppose your Test is a string. You need to set the Secure flag on an actual cookie object and not a string. Try this:

var responseCookie = new HttpCookie(Test)
{
    HttpOnly = true,
    Value = "asdasdhoi234",
    Secure = FormsAuthentication.RequireSSL && Request.IsSecureConnection
};
Response.Cookies.Set(responseCookie);

Also, please make sure that your web.config contains requireSSL attribute set to true as stated in docs :

 <authentication mode="Forms"> <forms loginUrl="member_login.aspx" cookieless="UseCookies" requireSSL="true" path="/MyApplication" /> </authentication>