RequireSSL set to true, some cookies not marked as secure


Phil Johnson


I have an 3.5 website and need to ensure that all cookies are marked
as secure.

I set the following setting in the web.config file expecting all cookies to
be marked as secure but most are not. At a quick look it appears that only
the authentication cookie is marked as secure.

<httpCookies httpOnlyCookies="true" requireSSL="true" domain="" />

Does anybody know what I can do to make sure that all cookies are marked as
Secure? Ideally by using configuration.




Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question