How to add prefix to cookie in asp.net core?

I have run a scan on SecurityHeaders.com, which shows a warning that the cookie has no prefix, and I don't know how to add a prefix to a cookie. Can anybody tell me how to do it in ASP.NET Core?

Here is the ConfigureServices method from the Startup.cs class:

    public void ConfigureServices(IServiceCollection services)
    {
        services.Configure<CookiePolicyOptions>(options =>
        {
            options.CheckConsentNeeded = context => false;
            options.MinimumSameSitePolicy = SameSiteMode.None;
            options.Secure = CookieSecurePolicy.Always;
        });

        services.AddAuthentication(sharedOptions =>
        {
            sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            sharedOptions.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
            .AddAzureAdB2C(options => Configuration.Bind("AzureAdB2C", options))
            .AddCookie();

        services.AddMvc()
            .SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
        services.AddDistributedMemoryCache();
        services.AddSession();
    }

And here is the Configure method:

    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        app.UseExceptionHandler("/Error");
        app.UseHsts();
        app.UseHttpsRedirection();
        app.UseStaticFiles();
        app.UseCookiePolicy();
        app.UseAuthentication();
        app.UseSession();

        app.UseMvc(routes =>
        {
            routes.MapRoute("home", "{action=Index}",
                defaults: new { controller = "Home" });
            routes.MapRoute(
                name: "default",
                template: "{controller=Home}/{action=Index}/{id?}");
        });
    }

I've found the answer, so I'm posting it here in case anybody needs it. Within the SessionOptions, set Cookie.Name to prefix + name.

Below, __Secure- is the prefix in the session cookie name.

    services.AddSession(options =>
    {
        options.Cookie.Name = "__Secure-.AspNetCore.Session";
        //options.IdleTimeout = TimeSpan.FromSeconds(600);
        //options.Cookie.IsEssential = true;
    });

And yes, it solves the security header issue in the scan too.
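Renaming the cookie only helps if its attributes satisfy the prefix: browsers accept a `__Secure-` cookie only when it carries `Secure`, and a `__Host-` cookie only when it also has `Path=/` and no `Domain`. The checker below is an added example, not part of the original post. It goes beyond the answer's `__Secure-` case to cover `__Host-` as well, and its function names and sample `Set-Cookie` values are constructed for illustration.

```python
# Added example: validate Set-Cookie values against the cookie-prefix rules.
# Function names and sample headers are constructed, not taken from the post.

def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, attributes dict with lowercase keys)."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs


def has_prefix(header):
    """True if the cookie name starts with __Secure- or __Host-."""
    name, _ = parse_set_cookie(header)
    return name.startswith(("__Secure-", "__Host-"))


def prefix_violations(header):
    """Return the reasons a browser would refuse this prefixed cookie."""
    name, attrs = parse_set_cookie(header)
    problems = []
    if name.startswith(("__Secure-", "__Host-")) and "secure" not in attrs:
        problems.append("missing Secure attribute")
    if name.startswith("__Host-"):
        if attrs.get("path") != "/":
            problems.append("Path must be /")
        if "domain" in attrs:
            problems.append("Domain attribute not allowed")
    return problems


SAMPLES = [  # constructed Set-Cookie values
    ".AspNetCore.Session=abc; path=/; samesite=lax; httponly",
    "__Secure-.AspNetCore.Session=abc; path=/; secure; samesite=lax; httponly",
    "__Secure-.AspNetCore.Session=abc; path=/; samesite=lax; httponly",
    "__Host-.AspNetCore.Session=abc; path=/; domain=example.com; secure",
]

if __name__ == "__main__":
    for h in SAMPLES:
        print(has_prefix(h), prefix_violations(h), h)
```

In the question's configuration, `options.Secure = CookieSecurePolicy.Always` in `CookiePolicyOptions` is what supplies the `Secure` attribute that the `__Secure-` name depends on.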
