I have created a asp.net project Created a new HTTPCookie,i want to add a secure flag to it when my connect is secure Below is my Code
var responseCookie = new HttpCookie(Test)
{
HttpOnly = true,
Value = asdasdhoi234
};
if (FormsAuthentication.RequireSSL && Request.IsSecureConnection)
{
responseCookie.Secure = true;
}
Response.Cookies.Set(Test);
But the cookie is still not secure ,i am not understanding the problem.
In my httpsHeaders it still does not show my secure cookies My domain is https but still my cookies are not secure.
new HttpCookie
constructor takes a string as an argument. Hence I suppose your Test
is a string. You need to set the Secure
flag on an actual cookie object and not a string. Try this:
var responseCookie = new HttpCookie(Test)
{
HttpOnly = true,
Value = "asdasdhoi234",
Secure = FormsAuthentication.RequireSSL && Request.IsSecureConnection
};
Response.Cookies.Set(responseCookie);
Also, please make sure that your web.config contains requireSSL
attribute set to true as stated in docs :
<authentication mode="Forms"> <forms loginUrl="member_login.aspx" cookieless="UseCookies" requireSSL="true" path="/MyApplication" /> </authentication>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.