How can i validate then cookie is httponly on sever side .net

Asked Aug 26 '19 at 12:19

Active Aug 26 '19 at 12:19

Viewed 256 times

How can i validate then cookie is httponly on sever side .net ??

I wanna know for sure that this cookies is mine and not set by some malicious client....

This is my code, and cookie.HttpOnly or cookie.Secure always retuen false value...

if ((HttpContext.Current.Request.Cookies.Count > 0)) {
    object cookie = HttpContext.Current.Request.Cookies["mycookie"];
    if (cookie) {
        IsNot;
        null;
        if ((cookie.HttpOnly && cookie.Secure)) { // always false!!!
            _token = cookie.Value;                
        }            
    }        
}

asked Aug 26 '19 at 12:19

Zvi Redler

1,708
1
18
29

2

You can't. Also, people can use browser plugins or tools like PostMan to create their own cookie values. So why do you want this? – CodeCaster Aug 26 '19 at 12:27
Add a signature to the cookie content? https://stackoverflow.com/questions/6845275/checking-if-user-has-changed-cookie-value-manually – rene Aug 26 '19 at 12:27

How can i validate then cookie is httponly on sever side .net

0 Answers0