How to secure the ASP.NET_SessionId cookie?

To add the ; secure suffix to the Set-Cookie http header I simply used the <httpCookies>element in the web.config:

  <httpCookies httpOnlyCookies="true" requireSSL="true" />

IMHO much more handy than writing code as in the article of Anubhav Goyal.

Similar Posts:

Leave a Reply

Your email address will not be published. Required fields are marked *