Last post Jul 03, 2017 09:49 AM by Eric Du
Jul 02, 2017 07:22 PM|kvmani32hASPNet|LINK
HTTP cookie used by My ASP.NET Web application, it was determined that the cookie's Secure flag was not set. Without this flag, the cookie's contents could potentially traverse a clear text channel, which could result in an attacker gaining access
to a user's session.
Please assist me.
Jul 03, 2017 08:53 AM|PatriceSc|LINK
https://msdn.microsoft.com/en-us/library/1d3t3c61(v=vs.100).aspx and see the RequireSSL attribute.
It asks the browser to send back cookies to the server only if https is used.
Jul 03, 2017 09:49 AM|Eric Du|LINK
According to your description, I think you could set the requireSSL value to true, this will indicate Secure Sockets Layer (SSL) communication is required. For more details, please
refer to the following tutorials:
httpCookies Element (ASP.NET Settings Schema):
How can I set the Secure flag on an ASP.NET Session Cookie?