Session cookie that server sets while logging in does not have “secure” flag

0.00/5 (No votes)

See more:

Hi Guys,

I'm trying to add below line in web.config to include secure flag on session cookie.

<httpCookies requireSSL="true" />

But, upon adding this line, my application log's out and does not allows me to go further after logging into the application.

My authentication in web.config is

<authentication mode="Windows"/>

My aim is to set secure flag. Without the “secure” flag, the browser could inadvertently send session cookies over unencrypted connections, which could allow the cookie to be compromised over the network.

Thanks & regards,
Puneeth

Posted 1-Jan-15 18:57pm

Puneeth_CS

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Last 24hrs

This month

Pete O'Hanlon	140
Richard Deeming	70
Maciej Los	60
M-Badger	60
OriginalGriff	40

Pete O'Hanlon	1,335
OriginalGriff	997
Richard MacCutchan	305
Dave Kreskowiak	280
Richard Deeming	235