Secure Cookie

Question
-
User-1432295049 posted
Hi,
I am facing an issue making a cookie secure.
The AppSec team wants to make the cookie Secure and HttpOnly for one of the applications exposed on the internet, which works over HTTPS. The SSL certificate is installed on the reverse proxy server, so the communication is as below.
Client------https (SSL)---->Reverse proxy---http---->Web UI Server
The issue is, if we make the cookie secure, the application will not read the cookie, as the communication between the RP and the UI server is over HTTP. Please suggest.
Regards,
Saurabh
Thursday, October 9, 2014 1:22 AM
Answers
-
User-1151753377 posted
Hi Saurabh,
Welcome to the ASP.NET forum.
Based on my understanding, you could try to write the following code in your EndRequest Event handler. This code can be added in an HttpModule or in your global.asax file.
    // Mark the Forms Authentication and session cookies as Secure.
    if (Response.Cookies.Count > 0)
    {
        foreach (string s in Response.Cookies.AllKeys)
        {
            if (s == FormsAuthentication.FormsCookieName || s.ToLower() == "asp.net_sessionid")
            {
                Response.Cookies[s].Secure = true;
            }
        }
    }
Forms Authentication cookie can also be marked secured by setting the requireSSL attribute in the tag in the web configuration file.
For further information, you could refer to the link below:
http://anubhavg.wordpress.com/?s=why+we+need+to+mark+the+cookies+as+secured
If there’s anything else I can do for you on this matter, please feel free to contact me at any time.
Best Regards,
Summer
- Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
Friday, October 10, 2014 5:30 AM
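The EndRequest approach from the answer above, written out as a complete HttpModule that also sets HttpOnly as the AppSec team requested. This is an added example, not code from the original post; the class name `SecureCookieModule` is hypothetical, and it assumes the reverse proxy forwards the `Cookie` and `Set-Cookie` headers unchanged and is the only client-facing path to the application.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Hypothetical module name. Register it in web.config under
// <system.webServer><modules> so it runs for every request.
public sealed class SecureCookieModule : IHttpModule
{
    public void Init(HttpApplication app)
    {
        app.EndRequest += OnEndRequest;
    }

    private static void OnEndRequest(object sender, EventArgs e)
    {
        HttpResponse response = ((HttpApplication)sender).Context.Response;

        // Secure and HttpOnly are instructions to the browser, carried in the
        // Set-Cookie response header. The browser talks HTTPS to the proxy, so
        // it keeps sending the cookie; the proxy then relays the Cookie header
        // to this server over HTTP, where Request.Cookies reads it as usual.
        //
        // AllKeys is a snapshot of the names already in the collection.
        // Indexing Response.Cookies with a name that is not present would
        // create a new empty cookie, so only names from AllKeys are used.
        foreach (string name in response.Cookies.AllKeys)
        {
            if (!IsSensitive(name))
            {
                continue;
            }

            HttpCookie cookie = response.Cookies[name];
            cookie.Secure = true;    // browser returns it only over HTTPS
            cookie.HttpOnly = true;  // not exposed to document.cookie
        }
    }

    // Same two cookies the answer targets: forms auth ticket and session id.
    private static bool IsSensitive(string name)
    {
        return string.Equals(name, FormsAuthentication.FormsCookieName, StringComparison.Ordinal)
            || string.Equals(name, "ASP.NET_SessionId", StringComparison.OrdinalIgnoreCase);
    }

    public void Dispose()
    {
    }
}
```

With `requireSSL="true"` in configuration, Forms Authentication refuses to issue its cookie when the request reaches the server over plain HTTP, which is the case behind a TLS-terminating proxy; setting the flag at EndRequest avoids that check while the browser still receives a Secure cookie.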
All replies
-
User527778624 posted
Hi,
check this site, may help u:
Thursday, October 9, 2014 2:30 AM