If you’re running a HTTPS-only web application, then you probably have requireSSL set to true in your web.config like so:
<httpCookies requireSSL="true" httpOnlyCookies="true"With requireSSL set, any cookies ASP.NET sends with the HTTP response – in particular, the forms authentication cookies – will have the “secure” flag set. This ensures that they will only be sent to your website when … Read more “SSL Termination and Secure Cookies/requireSSL with ASP.NET Forms Authentication”