Last post Sep 30, 2014 03:01 AM by Shawn - MSFT
Sep 29, 2014 05:31 AM|DavidBilla|LINK
in my ASP.NET Applicaiton , i'm securing the cookie while logging in, but the cookies are autheticated, but the application is unable to login.
i have specified the code in Application_EndRequest of Global.asax.cs
if (Response.Cookies.Count > 0)
foreach (string s in Response.Cookies.AllKeys)
if (s == FormsAuthentication.FormsCookieName || s.ToLower() == "asp.net_sessionid")
Response.Cookies[s].Secure = true;
any more configuration to be done?
Please provide your suggestions on this
Sep 30, 2014 03:01 AM|Shawn - MSFT|LINK
HttpCookie.Secure Property would get or set a value indicating whether to transmit the cookie using Secure Sockets Layer (SSL)--that is, over HTTPS only. To set the transmission of cookies using SSL for an entire application, enable it in the
application's configuration file, Web.config, which resides in the root directory of the application
When dealing with sensitive information, it is strongly recommended that you use HTTPS protocol with SSL encryption. SSL protects against data being altered (data integrity), protects a user's identity (confidentiality), and assures that data originates
from the expected client (authentication).
Besids, I am not sure the code line if (s == FormsAuthentication.FormsCookieName || s.ToLower() == "asp.net_sessionid"), does each s.ToLower() == "asp.net_sessionid" ?