SSL Termination and Secure Cookies/requireSSL with ASP.NET Forms Authentication

If you’re running a HTTPS-only web application, then you probably have requireSSL set to true in your web.config like so: <httpCookies requireSSL="true" httpOnlyCookies="true" With requireSSL set, any cookies ASP.NET sends with the HTTP response – in particular, the forms authentication cookies – will have theĀ “secure” flag set. This ensures that they will only be sent to your website when… Read more “SSL Termination and Secure Cookies/requireSSL with ASP.NET Forms Authentication”