
Secure flag not set to Cookies in .Net application

I have included the lines of code below in my Web.config and Global.asax.cs files. Still, when I use the developer tools in the browser, I can see that the Secure flag is not set on the cookies below.

I also configured SSL Settings in my IIS (selected the requireSSL checkbox).

I would like to set the Secure attribute on all cookies, not only on received cookies but also on sent cookies. Any suggestions, please?

In Web.config:

<httpCookies requireSSL="true"/>

In Global.asax.cs:

protected void Application_EndRequest(object sender, EventArgs e)
{
    if (Request.IsSecureConnection == true && HttpContext.Current.Request.Url.Scheme == "https")
    {
        Request.Cookies["ASP.NET_SessionID"].Secure = true;
        if (Request.Cookies.Count > 0)
        {
            foreach (string s in Request.Cookies.AllKeys)
            {
                Request.Cookies[s].Secure = true;
            }
        }

        Response.Cookies["ASP.NET_SessionID"].Secure = true;
        if (Response.Cookies.Count > 0)
        {
            foreach (string s in Response.Cookies.AllKeys)
            {
                Response.Cookies[s].Secure = true;
            }
        }
    }
}

In Browser: [image]

There are two ways. One: the httpCookies element in web.config allows you to turn on requireSSL, which transmits all cookies, including session, over SSL only, and also inside forms authentication. But if you turn on SSL on httpCookies, you must also turn it on inside the forms configuration too.

<forms requireSSL="true" />
<httpCookies requireSSL="true" />
