Pages

Thursday, March 18, 2010

Secure ASP.NET Session Cookies

How to check for insecure cookies

Install the Firecookie extension for Firebug so you can examine the cookie security settings.

Before

Set requireSSL to true.

  <system.web>
    <!-- ... -->
    <httpCookies requireSSL="true"/>
    <!-- ... -->
    <authentication mode="Forms">
      <forms name=".ASPXAUTH"
      loginUrl="~/Login.aspx"
      defaultUrl="~/Default.aspx"
      protection="All"
      timeout="30"
      path="/"
      requireSSL="true"
      slidingExpiration="true"
      cookieless="UseCookies"
      enableCrossAppRedirects="false" />
    </authentication>
    <!-- ... -->
  </system.web>

After

See Also:

No comments:

Post a Comment