如何在ASP.NET会话Cookie上设置安全标志? [英] How can I set the Secure flag on an ASP.NET Session Cookie?

问题描述

如何在ASP.NET会话Cookie上设置安全标志，以使其仅通过HTTPS传输而不能通过纯HTTP传输?

How can I set the Secure flag on an ASP.NET Session Cookie, so that it will only be transmitted over HTTPS and never over plain HTTP?

推荐答案

有两种方法，web.config中的一个httpCookies元素允许您打开requireSSL，该requireSSL仅传输包括SSL中的会话在内的所有cookie，也可以在表单身份验证中使用，但是如果您在httpcookie上启用SSL，则还必须在表单配置中也启用它.

There are two ways, one httpCookies element in web.config allows you to turn on requireSSL which only transmit all cookies including session in SSL only and also inside forms authentication, but if you turn on SSL on httpcookies you must also turn it on inside forms configuration too.

为清楚起见进行 放在<system.web>

<httpCookies requireSSL="true" />

这篇关于如何在ASP.NET会话Cookie上设置安全标志?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！