How can I set the Secure flag on an ASP.NET Session Cookie, so that it will only be transmitted over HTTPS and never over plain HTTP?
+1
A:
There are two ways, one httpCookies element in web.config allows you to turn on ReqiresSSL which only transmite all cookies including session in ssl only and also inside forms authentication, but if you turn on ssl on httpcookies you must also turn it on inside forms configuration too.
Akash Kava
2009-09-18 06:53:34
+1 This worked. Thanks!
Alex
2009-09-18 07:05:16