stackoom
  简体   繁体   中英

Secure session cookies in ASP.NET over HTTPS

 原文  2008-09-10 13:53:12       asp.net/ security/ session/ cookies

Question

I got a little curious after reading this /. article over hijacking HTTPS cookies. I tracked it down a bit, and a good resource I stumbled across lists a few ways to secure cookies here . Must I use adsutil, or will setting requireSSL in the httpCookies section of web.config cover session cookies in addition to all others ( covered here )? Is there anything else I should be considering to harden sessions further?

2 answers

solution1
 11  2012-06-15 15:07:38

用于控制它的web.config设置进入System.Web元素,如下所示: 

<httpCookies httpOnlyCookies="true" requireSSL="true" />

solution2
 11 ACCPTED  2008-09-10 14:12:26

https://www.isecpartners.com/media/12009/web-session-management.pdf

A 19 page white paper on "Secure Session Management with Cookies for Web Applications"

They cover lots of security issues that I haven't seen all in one spot before. It's worth a read.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question asp.net secure cookies Secure Cookies in ASP.NET Cookies and session in asp.net Session cookies and asp.net Session and Cookies asp.net How secure are ASP.net security cookies Secure Cookies in ASP.NET not adding a secure Flag ASP.Net delete/expire session cookies Cookies and session state in asp.net Do session use cookies in ASP.NET?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM