How to secure the ASP.NET_SessionId cookie? 设置ASP.NET_SessionId Secure=true
How to secure the ASP.NET_SessionId cookie?
To add the ; secure suffix to the Set-Cookie http header I simply used the <httpCookies>element in the web.config:
<system.web>
<httpCookies httpOnlyCookies="true" requireSSL="true" />
<system.web>
IMHO much more handy than writing code as in the article of Anubhav Goyal.
See: http://msdn.microsoft.com/en-us/library/ms228262(v=vs.100).aspx
|
🐳 作者:dupeng0811 📢 版权:本文版权归作者和博客园共有,欢迎转载,但未经作者同意必须保留此段声明,且在文章页面明显位置给出原文连接 💬 留言:同时 , 如果文中有什么错误,欢迎指出。以免更多的人被误导。 |
|
