4

Is there a direct way to test the value of the Secure Attribute in Encrypted Session (SSL) Cookie, for example, by using IE 11? I need to ensure that the Secure Attribute is set to "True"....

NOTE: I programmed the answer to How can I set the Secure flag on an ASP.NET Session Cookie? in the web.config of my ASP.net-MVC project. The answer can be found here:

How can I set the Secure flag on an ASP.NET Session Cookie?

However, I want to know how to directly test the result (i.e. in IE -- always wanted to say that!) without just relying on the web.config being correct.

Thanks.

Community
  • 1
  • 1
JosephDoggie
  • 1,514
  • 4
  • 27
  • 57
  • Using the method described in How can I set the Secure flag on an ASP.NET Session Cookie? http://stackoverflow.com/questions/1442863/how-can-i-set-the-secure-flag-on-an-asp-net-session-cookie does indeed work; but I still don't know how to directly verify this. Someone else used a scanning tool to determine that it did work. – JosephDoggie Feb 10 '15 at 13:18

1 Answers1

5

Look at the Set-Cookie header in the HTTP response in Fiddler or your dev tools' network atb, and make sure it includes the Secure flag.

SLaks
  • 868,454
  • 176
  • 1,908
  • 1,964