locked
Secured Cookie not authenticated to Login RRS feed

  • Question

  • User938988760 posted

    Hi,

    in my ASP.NET Applicaiton , i'm securing the cookie while logging in, but the cookies are autheticated, but the application is unable to login.

    i have specified the code in Application_EndRequest of Global.asax.cs

    if (Response.Cookies.Count > 0)
    {
    foreach (string s in Response.Cookies.AllKeys)
    {
    if (s == FormsAuthentication.FormsCookieName || s.ToLower() == "asp.net_sessionid")
    {
    Response.Cookies[s].Secure = true;
    }
    }
    }

    any more configuration to be done?

    Please provide your suggestions on this

    Thank You

    Monday, September 29, 2014 5:31 AM

Answers

  • User-1818759697 posted

    Hi,

    HttpCookie.Secure Property would get or set a value indicating whether to transmit the cookie using Secure Sockets Layer (SSL)--that is, over HTTPS only. To set the transmission of cookies using SSL for an entire application, enable it in the application's configuration file, Web.config, which resides in the root directory of the application

    When dealing with sensitive information, it is strongly recommended that you use HTTPS protocol with SSL encryption. SSL protects against data being altered (data integrity), protects a user's identity (confidentiality), and assures that data originates from the expected client (authentication).

    Besids, I am not sure the code line if (s == FormsAuthentication.FormsCookieName || s.ToLower() == "asp.net_sessionid"), does each s.ToLower() == "asp.net_sessionid" ?

    Regards

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, September 30, 2014 3:01 AM