Last post Sep 12, 2018 09:54 PM by Alex9
Sep 12, 2018 04:47 AM|Alex9
What parameters do I need to add with cookie for security efficiency?
Thank you for your assistance!
Sep 12, 2018 07:12 AM|Brando ZWZ
As far as I know, if we want to secure the cookie in C#, I suggest you add the web.config setting below to make your cookie more secure.
<httpCookies httpOnlyCookies="true" requireSSL="true" lockItem="true" />
The lockItem attribute ensures that other web.config files cannot override these settings.
The requireSSL attribute instructs the browser to include the cookie only in requests that are sent over an SSL/TLS connection. In effect the cookie will be missing in requests to addresses starting with http://, but will be included in requests to addresses served over https://. This attribute is read by the browser when the cookie is set; in subsequent requests the secure flag will be included in neither request nor response.
The HttpOnly attribute politely asks the web browser to not share a cookie with scripts or Applets. For session cookies, this attribute should always be true. As with the secure attribute, httpOnly can only be seen when a cookie is set in a response.
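One way to check that the setting above took effect, as an added example that is not part of the original post: since both flags are only visible where a cookie is set, this Python sketch audits Set-Cookie response header values and reports cookies missing Secure or HttpOnly. The sample headers and function names are constructed for illustration.

```python
# Added example: audit Set-Cookie response headers for the flags that
# httpOnlyCookies="true" and requireSSL="true" are expected to produce.

# Constructed sample header values (not captured from a real site).
SAMPLE_SET_COOKIE = [
    "ASP.NET_SessionId=abc123; path=/; secure; HttpOnly",
    "theme=secure-dark; path=/",             # "secure" is in the value, not a flag
    ".ASPXAUTH=deadbeef; path=/; HttpOnly",  # Secure flag missing
    "tracking=1; Path=/; Secure",            # HttpOnly flag missing
]

REQUIRED_FLAGS = ("secure", "httponly")


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attributes)."""
    first, *rest = header.split(";")
    name, _, value = first.strip().partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.strip().partition("=")
        if key:
            # Attribute names are case-insensitive.
            attrs[key.lower()] = val
    return name, value, attrs


def missing_flags(header):
    """Return (cookie name, list of required flags that are absent)."""
    name, _, attrs = parse_set_cookie(header)
    return name, [flag for flag in REQUIRED_FLAGS if flag not in attrs]


def audit(headers):
    """Map each cookie lacking a required flag to the flags it lacks."""
    findings = {}
    for header in headers:
        name, missing = missing_flags(header)
        if missing:
            findings[name] = missing
    return findings


if __name__ == "__main__":
    for name, missing in audit(SAMPLE_SET_COOKIE).items():
        print(f"{name}: missing {', '.join(missing)}")
```

Only the attributes after the first semicolon are inspected, so a cookie whose value merely contains the word "secure" is still reported.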
Sep 12, 2018 09:54 PM|Alex9