ASP.NET_SessionId Request Cookie Not Secure?


In the server response, I am adding the "secure" flag to all cookies by placing the following line within the web.config:

<system.web>
   <httpCookies requireSSL="true" />
</system.web>

This seems to work since the ASP.NET_SessionId cookie shows the "secure" flag in the response.

However, when I perform an action on the page and check the Dev Tools again, I noticed that the very same cookie no longer has the "secure" flag in the client request.

I am using Internet Explorer 11 developer tools to view the Network.

Should the session cookie contain the "secure" flag in the client's request? If not, are there any security implications of having an "insecure" request cookie?

After spending some time looking into it, I did not find any code in my application that was altering the cookies or the "secure" flag on the cookies. Any information on the matter will be appreciated.
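An added example, not part of the original question: per RFC 6265, `Secure` and `HttpOnly` are attributes of the `Set-Cookie` response header, and the `Cookie` request header carries only `name=value` pairs, so the place to audit the flag is the response. The sketch below models that round trip on constructed headers; the function names are hypothetical, and domain, path and expiry matching are left out.

```python
# Constructed sample Set-Cookie values (not captured from the asker's site).
# The second cookie deliberately lacks Secure so the audit has something to flag.
SAMPLE_SET_COOKIE = [
    "ASP.NET_SessionId=abc123constructed; path=/; secure; HttpOnly",
    "theme=dark; path=/",
]


def parse_set_cookie(value):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    first, *rest = [part.strip() for part in value.split(";")]
    name, _, cookie_value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name.strip(), cookie_value.strip(), attrs


def build_cookie_header(set_cookie_values, request_is_https):
    """Build the Cookie request header a browser would send back.

    Only name=value pairs are returned; attributes stay in the browser's
    cookie store. Cookies stored with Secure are left out of the header
    entirely when the request is not HTTPS.
    """
    pairs = []
    for value in set_cookie_values:
        name, cookie_value, attrs = parse_set_cookie(value)
        if "secure" in attrs and not request_is_https:
            continue
        pairs.append(f"{name}={cookie_value}")
    return "; ".join(pairs)


def missing_secure(set_cookie_values):
    """Names of cookies whose Set-Cookie header lacks the Secure attribute."""
    parsed = map(parse_set_cookie, set_cookie_values)
    return [name for name, _, attrs in parsed if "secure" not in attrs]


if __name__ == "__main__":
    print("HTTPS request:", build_cookie_header(SAMPLE_SET_COOKIE, True))
    print("HTTP request: ", build_cookie_header(SAMPLE_SET_COOKIE, False))
    print("Missing Secure:", missing_secure(SAMPLE_SET_COOKIE))
```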
