user1890098
Reputation: 495
"Missing Secure Attribute in Encrypted Session (SSL) Cookie"
In my web application, only the login page has SSL enabled. In a security scan result, I received the following error, "Missing Secure Attribute in Encrypted Session (SSL) Cookie". My question is how to do add secure attribute only for the login.aspx page.
Upvotes: 4
Views: 2742
Answers (1)
bobince
Reputation: 536615
You can't—if you did then once the user left the SSL login page their cookie would disappear and they would cease to be logged in. If you must have a hybrid partially-SSL site then you will have to put up with the warning.
The real security issue is that you have a partially-SSL site; the cookie warning is just a symptom of that. It is usually best to serve everything over SSL.
Upvotes: 3
Related Questions
- How can I set the Secure flag on an ASP.NET Session Cookie?
- asp.net secure cookies
- Cookies secure flag in IE and Chrome browser
- Secure Cookies in ASP.NET
- Secure Cookie Issue: Cookies only secure sometimes
- Secure session cookies in ASP.NET over HTTPS
- ASP.NET Securing Cookie on HTTP and HTTPS
- ASP.NET Cookie not set when using https
- cookie in default not secure but secure in SSL
- authCookie not secure in global.asax