I have a closed-source app (ASP.NET) running on IIS 6/Windows Server 2003. I need to force the use of the "secure" flag on the session cookie. How can I do that without access to the application source code?
Thanks.
Consider running the whole application under HTTPS.
If you have access to the Global.asax file without it needing to be recompiled (unlikely), you can add code into it to mark cookies as secure.
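A sketch of the Global.asax approach mentioned in the answer above. This is an added example, not code from the application or from the original poster. It assumes the site is not precompiled, so that ASP.NET compiles Global.asax on first request, and that the handler can be placed in an inline script block in that file.

```csharp
// Place inside a <script runat="server"> ... </script> block in Global.asax,
// below the <%@ Application Language="C#" %> directive (assumed layout).
// If the existing directive carries an Inherits attribute, leave it in place.

void Application_EndRequest(object sender, EventArgs e)
{
    // Only rewrite cookies on responses served over HTTPS. A Secure cookie
    // issued on a plain HTTP response is never sent back over HTTP, so the
    // session would appear to reset on every request.
    if (!Request.IsSecureConnection)
    {
        return;
    }

    // Response.Cookies contains only the cookies being set on this response,
    // including the session cookie when a new session has just been created.
    // AllKeys returns a copy of the names, so the loop does not enumerate the
    // live collection while modifying its entries.
    foreach (string name in Response.Cookies.AllKeys)
    {
        HttpCookie cookie = Response.Cookies[name];
        if (cookie != null)
        {
            cookie.Secure = true;
        }
    }
}
```

On ASP.NET 2.0 and later, setting `<httpCookies requireSSL="true" />` under `<system.web>` in web.config marks cookies as secure without any code change.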
Is it possible to mark the cookie ASP.NET_sessionID as secure?