Set all cookies to use httponly and secure in ASP.Net

YulIhnio

SOLVED CLOSED ACTIVE ANSWERED
User: YulIhnio
Posted: on Jan 19, 2021 10:35 PM
Forum: ASP.Net Web Forms
Answer: 1
Views: 1282

I have a problem in terms of the httponly and secure properties for the ASPSESSION cookie ..., currently I handle various environments in which only 1 has ssl and the secure attribute works well, now as for the httponly attribute it always appears marked in all environments that do not have ssl but when I see that if it has ssl this attribute does not appear marked, does anyone know the reason or if it has already happened since the programming was replicated exactly the same?

It is worth mentioning that in the web config I only added these lines

<httpCookies httpOnlyCookies="true" requireSSL="true"/>

Download FREE API for Word, Excel and PDF in ASP.Net

dharmend...

0 2

Reply
ANSWER
User: dharmendr
Replied: on Jan 20, 2021 01:43 AM
Report

Refer below links.

https://security.stackexchange.com/questions/186441/any-reason-not-to-set-all-cookies-to-use-httponly-and-secure

https://owasp.org/www-community/HttpOnly

I agree, here is the link: https://www.e-iceblue.com/Introduce/spire-office-for-net-free.html

Set all cookies to use httponly and secure in ASP.Net

Company

Explore

Follow us

Contact Us