Last post Nov 27, 2014 12:20 AM by Summer - MSFT
Nov 26, 2014 04:23 AM|ramasuperstar|LINK
how to secure the flag ASP.NET_SessionId in asp.net application. Please provide proper configuration steps or code changes
i would like to see the Secure flag to be true for "ASP.NET_SessionId" in browser "Developer Tool"
Nov 26, 2014 04:57 AM|AidyF|LINK
You can configure this via the web.config
Note that "secure" cookies will only transmit over https so your session will only work via https and not http.
Nov 27, 2014 12:20 AM|Summer - MSFT|LINK
Welcome to the ASP.NET forum.
A cookie can be set with the Secure flag, which makes it to be sent only over a secure channel, such as an SSL connections. This Secure flag will ensure that session cookies are sent only over secure channels to prevent them from being captured in transit.
If an application is using the default ASP.Net session ID (e.g. ASP.NET_SessionID) as the session token, the secure flag can be set using the following code.
Include the following statement in the Session_Start of the global.asax file:
protected void Session_Start(Object sender, EventArgs e)
// secure the ASP.NET Session ID only if using SSL
// if you don't check for the issecureconnection, it will not work.
if (Request.IsSecureConnection == true)
Response.Cookies ["ASP.NET_SessionID"].Secure = true;
For more information,please refe to the links below.