Secure session cookies in ASP.NET over HTTPS

Question :

Secure session cookies in ASP.NET over HTTPS,

Answer :

I got a little curious after reading over hijacking HTTPS cookies. I tracked it down a bit, and a good resource I stumbled across lists a few ways to secure cookies Must I use adsutil, or will setting requireSSL in the httpCookies section of web.config cover session cookies in addition to all others ? Is there anything else I should be considering to harden sessions further?

,

 

A 19 page white paper on “Secure Session Management with Cookies for Web Applications”

They cover lots of security issues that I haven’t seen all in one spot before. It’s worth a read.

Read More  Issues using MS Access as a front-end to a MySQL database back-end?

That’s the answer Secure session cookies in ASP.NET over HTTPS, Hope this helps those looking for an answer. Then we suggest to do a search for the next question and find the answer only on our site.

Disclaimer :

The answers provided above are only to be used to guide the learning process. The questions above are open-ended questions, meaning that many answers are not fixed as above. I hope this article can be useful, Thank you