Loading

How to secure the ASP.NET_SessionId cookie? 设置ASP.NET_SessionId Secure=true

How to secure the ASP.NET_SessionId cookie?

To add the ; secure suffix to the Set-Cookie http header I simply used the <httpCookies>element in the web.config:

<system.web>
  <httpCookies httpOnlyCookies="true" requireSSL="true" />
<system.web>

IMHO much more handy than writing code as in the article of Anubhav Goyal.

See: http://msdn.microsoft.com/en-us/library/ms228262(v=vs.100).aspx

posted @ 2018-03-06 17:52  Dhoopu  阅读(1109)  评论(0编辑  收藏  举报