SSL Termination and Secure Cookies/requireSSL with ASP.NET Forms Authentication

If you’re running an HTTPS-only web application, then you probably have requireSSL set to true in your web.config like so:

<httpCookies requireSSL="true" httpOnlyCookies="true" />

With requireSSL set, any cookies ASP.NET sends with the HTTP response – in particular, the forms authentication cookies – will have the “secure” flag set. This ensures that they will only be sent to your website when …