是否有可能以纪念饼干ASP.NET_sessionID为安全 [英] Is it possible to mark the cookie ASP.NET_sessionID as secure
本文介绍了是否有可能以纪念饼干ASP.NET_sessionID为安全的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
安全审核后,我设置cookie ASP.NET_sessionID为安全的要求。
After a security audit I got the requirement to set the cookie ASP.NET_sessionID as "secure".
眼下不设置标志。
我可以使用SessionIDManager将其设置为安全?我已经在使用本code登录后更改会话cookie的值:
Can I use SessionIDManager to set it as secure? I am already using it to change the value of the Session cookie after logging in with this code:
System.Web.SessionState.SessionIDManager manager = new System.Web.SessionState.SessionIDManager();
string oldId = manager.GetSessionID(System.Web.HttpContext.Current);
string newId = manager.CreateSessionID(System.Web.HttpContext.Current);
bool isAdd = false, isRedir = false;
manager.SaveSessionID(System.Web.HttpContext.Current, newId, out isRedir, out isAdd);
修改
我看到了,我可以设置
<httpCookies httpOnlyCookies="false" requireSSL="true" />
但我只希望有这样一个cookie中的安全
But I only want to have this one cookie secure
推荐答案
这应使您能够设置Cookie的安全:
This should enable you to set the cookie as secure:
void Application_EndRequest(object sender, EventArgs e)
{
var sessionCookieKey = Response.Cookies.AllKeys.SingleOrDefault(c => c.ToLower() == "asp.net_sessionid");
var sessionCookie = Response.Cookies.Get(sessionCookieKey);
if(sessionCookie != null)
{
sessionCookie.Secure = true;
}
}
这篇关于是否有可能以纪念饼干ASP.NET_sessionID为安全的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文