Press Ctrl / CMD + C to copy this to your clipboard.
This post will be reported to the moderators as potential spam to be looked at
How can I secure asp.net_sessionid cookie in Umbraco 8?
There is quite a good answer on here:
The gist of it is there are 2 things you can set up in Web.Config for your site:
<sessionState cookieless="false" cookieName="__Secure-SID" cookieSameSite="Lax" />
<httpCookies httpOnlyCookies="true" sameSite="Lax" requireSSL="true" />
By setting this it should make all of your cookies secure by default I think. (I've not tested it so err on the side of caution and make sure things work as expected)
Adding that into the webconfig doesnt do anything. The cookie remains unsecure.
I would like to try this in the Component Class using IComponent but Im not sure how to implement this correctly in Umbraco.
if (Response.Cookies.Count > 0)
foreach (string s in Response.Cookies.AllKeys)
if (s == FormsAuthentication.FormsCookieName || "asp.net_sessionid".Equals(s, StringComparison.InvariantCultureIgnoreCase))
Response.Cookies[s].Secure = true;
is working on a reply...
Write your reply to:
Image will be uploaded when post is submitted