How to check for insecure cookies
Install the Firecookie extension for Firebug so you can examine the cookie security settings.
Before
Set requireSSL to true.
<system.web> <!-- ... --> <httpCookies requireSSL="true"/> <!-- ... --> <authentication mode="Forms"> <forms name=".ASPXAUTH" loginUrl="~/Login.aspx" defaultUrl="~/Default.aspx" protection="All" timeout="30" path="/" requireSSL="true" slidingExpiration="true" cookieless="UseCookies" enableCrossAppRedirects="false" /> </authentication> <!-- ... --> </system.web>
After
See Also: