after changing requiredSSL property from false to true in web.config, Session values becoming null automatically

Question

My application is using Dotnet frame work 4.0. I have received a security vulnerabilty point to set Cookie path to Secure. So after changing requiredSSL property from false to true in web.config,Cookie path set to Secure but Session values becoming null automatically. I had no clue on this how to over come on this. Please guide me. I am having both simple aspx pages and Master page referenced aspx pages.

Web.config Code:

<httpCookies requireSSL="false" httpOnlyCookies="true" domain="" />
<sessionState mode="InProc" cookieless="false" timeout="20"></sessionState>

My application start up Url where project is virtual directory name:

https://site.mysite.com/Project

My application has different directories and url seems like :

https://site.mysite.com/Project/Default.aspx
https://site.mysite.com/Project/Dir1/Customers.aspx
https://site.mysite.com/Project/Dir2/Agents.aspx

Try this guide: https://blog.elmah.io/the-ultimate-guide-to-secure-cookies-with-web-config-in-net/ Does your app is self host server or IIS module or Windows service? — VitezslavSimon, Oct 26 '21 at 13:16
Does your app is web service or uses MVC - https://learn.microsoft.com/cs-cz/aspnet/mvc/? — VitezslavSimon, Oct 26 '21 at 13:18
My application is pure Asp.net web application and it is hosted on IIS — user1463065, Oct 26 '21 at 13:31
Did you checked IIS configuration? https://stackoverflow.com/a/54886072/10744181 Did you added certificate here in IIS? — VitezslavSimon, Oct 26 '21 at 14:17

after changing requiredSSL property from false to true in web.config, Session values becoming null automatically

0 Answers0