0

I have set the following under web.config in my app

<system.web>
    <httpCookies httpOnlyCookies="true" requireSSL="true" lockItem="true" />
    <authentication mode="Forms">
      <forms name="testweb" loginUrl="~/Login.aspx" defaultUrl="~/Default.aspx" requireSSL="true" slidingExpiration="true" enableCrossAppRedirects="false" cookieless="UseCookies" />
    </authentication>
</system.web>

and now I want to ensure that the configuration is right. What's the easiest way to test that both the HttpOnly and Secure flags are working properly?

Thanks

overloading

1 Answer

1

Your configuration is correct. If you want to check whether your cookies are set with both HttpOnly and Secure, you can use either the Developer Tools in IE or the Firebug add-on in Firefox.

Firefox: Just add a plugin to Firebug from here, run it and head over to the cookies section. Whenever you request a webpage, it will provide all the cookie information.

Internet Explorer: Clicking F12 brings up the developer tools in IE, but investigating cookies is a little tricky here.

  1. Open the developer tools in IE.
  2. Go to the Network tab.
  3. Click start capturing and navigate to your website.
  4. Double-click on the URL you are interested in to get the Detailed View.
  5. Going to the cookies tab in the detail view will tell you how the cookie was RECEIVED from the web server. Make sure the cookie direction is Received.
Emkay
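A scripted version of the same check, as an added example that is not part of the original answer: it parses the `Set-Cookie` response headers and reports which cookies lack `Secure` or `HttpOnly`. The header values are constructed samples (only the `testweb` cookie name comes from the web.config above); in practice, feed it the headers received from your own site.

```python
"""Audit Set-Cookie headers for the Secure and HttpOnly attributes."""

# Constructed sample response headers (not captured from a real site).
# "testweb" is the forms-auth cookie name from the web.config in the question;
# the other two cookies are made up to show what a failing result looks like.
SAMPLE_HEADERS = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Set-Cookie", "testweb=0A1B2C; path=/; secure; HttpOnly"),
    ("Set-Cookie", "ASP.NET_SessionId=abc123; path=/; HttpOnly"),
    # The value contains the words, but they are not attributes.
    ("Set-Cookie", "theme=secure-httponly; path=/"),
]

REQUIRED_FLAGS = {"secure", "httponly"}


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, set of lower-cased attribute names)."""
    first, *attrs = value.split(";")
    name = first.split("=", 1)[0].strip()
    # Attribute names are case-insensitive; drop any "=value" part (path=/ etc.).
    flags = {a.split("=", 1)[0].strip().lower() for a in attrs if a.strip()}
    return name, flags


def audit_cookies(headers):
    """Return {cookie name: sorted list of missing flags} for each Set-Cookie header."""
    report = {}
    for header, value in headers:
        if header.lower() != "set-cookie":
            continue
        name, flags = parse_set_cookie(value)
        report[name] = sorted(REQUIRED_FLAGS - flags)
    return report


if __name__ == "__main__":
    for name, missing in audit_cookies(SAMPLE_HEADERS).items():
        status = "OK" if not missing else "missing " + ", ".join(missing)
        print(f"{name}: {status}")
```

Matching on the attribute list rather than searching the whole header string avoids a false pass when the cookie value itself happens to contain "secure" or "httponly".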