tags:

views:

325

answers:

1
Q: 

How can I set the Secure flag on an ASP.NET Session Cookie?

How can I set the Secure flag on an ASP.NET Session Cookie, so that it will only be transmitted over HTTPS and never over plain HTTP?

+1  A: 

There are two ways, one httpCookies element in web.config allows you to turn on ReqiresSSL which only transmite all cookies including session in ssl only and also inside forms authentication, but if you turn on ssl on httpcookies you must also turn it on inside forms configuration too.

Akash Kava  2009-09-18 06:53:34
+1 This worked. Thanks!
Alex  2009-09-18 07:05:16

related questions

ASP.NET SQL Session db setup problem/confusion
Reuse another ASP.NET session (set Session ID)
Using ASP.NET session state with Silverlight (PRISM)
Session lost when opening IE window from application hosted in Outlook
Is it possible to share session state between asp.net aspx page making a call to an asp.net webservice
How do I access a asp.net session variable from APP_CODE??
Storing values in asp.net session using jquery
Classic ASP to ASP.Net one-off session data copy
ASP.Net Error - Unable to cast object of type 'System.String' to type 'System.Data.DataTable'.
Testing SSL with multiple SSL-Enabled Websites in IIS
If a site is secured via SSL, can a network sniffer still read the URLs being requested?
Maintain a user's session state in an ASP.NET MVC app hosted on a web farm
[DBNETLIB][ConnectionOpen (SECDoClientHandshake()).]SSL Security error.