"Missing secure attribute in cookie with encrypted session (SSL)"

Question

"Missing secure attribute in cookie with encrypted session (SSL)"

In my web application, only the login page has SSL. As a result of the security check, I received the following error: "Missing Secure Attribute in Encrypted Session (SSL) Cookie" . My question is: how to add a security attribute for login.aspx page only.

+4

security web-applications asp.net

user1890098 Sep 06 '13 at 7:04

source share

1 answer

bobince · Accepted Answer · 2013-09-06T13:44:05+0000

You cannot: if you did this as soon as the user left the SSL login page, their cookie will disappear and they will no longer be registered. If you must have a hybrid site with partially SSL, you will have to give a warning.

The real security issue is that you have a partially SSL site; A cookie warning is just a symptom of this. It is usually best to serve everything over SSL.

"Missing secure attribute in cookie with encrypted session (SSL)"

More articles: