Base solution for your next web application
Open Closed

MSD-like Cookie secure setting #10948


User avatar
0
lalande1988 created

Prerequisites

Please answer the following questions before submitting an issue. YOU MAY DELETE THE PREREQUISITES SECTION.

  • What is your product version? => 9.01 (.net 3.1)
  • What is your product type (Angular or MVC)? => MVC
  • What is product framework type (.net framework or .net core)? => .net core

Question

The task is to "Set-Cookie Secure", as outlined here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#syntax:

<br>

Current

Below is the Google DevTools print which shows that Content Security Policy (CSP) has been added - completed (upper arrow).

Question: Next, the secure cookie is required (lower arrow). Would you be able to help (which code in which file?)

Thanks!


2 Answer(s)
  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi,

    If you use HTTPS, I think it should be already secured. You can also configure cookie options as shown below;

    services.Configure<CookiePolicyOptions>(options =>
    {
    	options.Secure = CookieSecurePolicy.Always;
    });
    
  • User Avatar
    0
    lalande1988 created

    Hi,

    excellent, this is perfect. Thank you!