RequireSSL set to true, some cookies not marked as secure


P

Phil Johnson

Hello,

I have an asp.net 3.5 website and need to ensure that all cookies are marked
as secure.

I set the following setting in the web.config file expecting all cookies to
be marked as secure but most are not. At a quick look it appears that only
the asp.net authentication cookie is marked as secure.

<httpCookies httpOnlyCookies="true" requireSSL="true" domain="" />

Does anybody know what I can do to make sure that all cookies are marked as
Secure? Ideally by using configuration.

Thanks,

Phil
 
Ad

Advertisements


Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top