Last post Oct 10, 2014 05:30 AM by Summer - MSFT
Oct 09, 2014 01:22 AM|saurabh.15in
I am facing an issue making a cookie secure.
The AppSec team wants to make the cookie Secure and HttpOnly for one of the applications exposed on the internet, which works on https. The SSL certificate is installed on the reverse proxy server. So the communication is as below.
Client------https (SSL)---->Reverse proxy---http---->Web UI Server
The issue is, if we make the cookie secure, the Application will not read the cookie as the communication between RP and UI Server is on http. Please suggest.
Oct 09, 2014 02:30 AM|raju dasa
Check this site, it may help you:
Oct 10, 2014 05:30 AM|Summer - MSFT
Welcome to the ASP.NET forum.
Based on my understanding, you could try to write the following code in your
EndRequest Event handler. This code can be added in an HttpModule or in
your global.asax file.
    // Mark the forms-auth and session cookies Secure on the outgoing response.
    if (Response.Cookies.Count > 0)
        foreach (string s in Response.Cookies.AllKeys)
            if (s == FormsAuthentication.FormsCookieName || s.ToLower() == "asp.net_sessionid")
                Response.Cookies[s].Secure = true;
The Forms Authentication cookie can also be marked secure by setting the requireSSL attribute in the tag in the web configuration file.
For further information, you could refer to the links below:
If there’s anything else I can do for you on this matter, please feel free to contact me at any time.
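
The EndRequest approach from the reply above, written out as a complete HttpModule that also sets HttpOnly, which the original question asked for. This is an added example, not code from the thread; the class name SecureCookieModule is hypothetical and the session cookie is assumed to use the default name ASP.NET_SessionId.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Added example (hypothetical class name): marks the forms-auth and session
// cookies Secure and HttpOnly as the response leaves the Web UI server.
public class SecureCookieModule : IHttpModule
{
    public void Init(HttpApplication app)
    {
        // EndRequest runs after the page and other modules have added their cookies.
        app.EndRequest += OnEndRequest;
    }

    private static void OnEndRequest(object sender, EventArgs e)
    {
        HttpResponse response = ((HttpApplication)sender).Response;

        // AllKeys returns a copy of the key array, so cookies can be
        // modified inside the loop.
        foreach (string name in response.Cookies.AllKeys)
        {
            if (name == null) continue;

            bool isAuth = string.Equals(name, FormsAuthentication.FormsCookieName,
                                        StringComparison.OrdinalIgnoreCase);
            // Assumption: the default session cookie name is in use.
            bool isSession = string.Equals(name, "ASP.NET_SessionId",
                                           StringComparison.OrdinalIgnoreCase);
            if (!isAuth && !isSession) continue;

            HttpCookie cookie = response.Cookies[name];
            cookie.Secure = true;    // browser returns it only over https
            cookie.HttpOnly = true;  // not readable from client-side script
        }
    }

    public void Dispose() { }
}
```

The Secure attribute is enforced by the browser on the client-to-proxy hop. The module has to be registered in the application's web.config before it runs.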