Dec 01, 2017 02:47 AM|zxj|LINK
please tell me how to secure cookie when we are not using ssl or certificate for a web site.
In my opinion, I think security is always first, if you already know that there are certain ways to avoid risk, then I will definitely do it instead of avoiding the known methods.
Use HTTP-Only and SSL-Only Cookies
To protect your sites users' cookies from being accessed by scripts in other domains and protect against them being read from min-in-the-middle attackers, ensure the following settings is enabled in Web.config:
<httpCookies httpOnlyCookies="true" requireSSL="true" />