Hi Tim,

I'd look at that page before, but you posting this again made me look at it again. It looks like this could work. However when I look in the global.asax page I see 

<%@ Application Codebehind="Global.asax.cs" Inherits="Umbraco.Web.UmbracoApplication" Language="C#" %>

Which suggests to me that Umbraco is already doing *something* in the global.asax, Im going to have a look at the source now and see if I could may be duplicate it and change the inheritence in this file. Or is there another way to register this within Umbraco? 

Yes that worked!

I had to create a new DLL including system.web & umbraco & umbraco.core with this class

using System;
using System.Web;

namespace SecureCookies
{
    public class Global : Umbraco.Web.UmbracoApplication
    {
      public void Init(HttpApplication application)
      {
          application.EndRequest += (new EventHandler(this.Application_EndRequest));
      }

      private void Application_EndRequest(object sender, EventArgs e)
      {
          if (Response.Cookies.Count > 0)
            {
                foreach (string s in Response.Cookies.AllKeys)
                {
                         Response.Cookies[s].Secure = true;
                         Response.Cookies[s].HttpOnly = true;
                }
            }
      }

    }
}

which was compiled into a dll project as SecureCookies.dll

and then update the global.asax to

<%@ Application Codebehind="Global.asax.cs" Inherits="SecureCookies.Global" Language="C#" %>

Worked an absolute treat - thank you for making me look at that approach again. Thanks Tim.

Awesome! Glad it helped :)

put the source code here:

https://github.com/johncscott/uSecureCookies

half thinking about making a package

not sure how useful it would be

is working on a reply...