Issue with setting session cookie http and secure to true

Asked May 27 '15 at 06:04

Active May 27 '15 at 06:15

Viewed 1,079 times

I have a project build on Asp.net MVC 4 and in our application we need to make the session cookie secure.

I have tried this code to make my cookie secure.

var encryptedTicket = FormsAuthentication.Encrypt(authenticationTicket);
httpContext.Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket) { Secure = true, HttpOnly = true });

Also in webconfig file

<httpCookies httpOnlyCookies="true" requireSSL="true" />

The issue is when I am using HttpOnly = true, application is able to create the cookie successfully.

But when I tried also with secure = true, cookie was not created and user never gets logged in.

After login enter image description here Can somebody please help where i am getting wrong.

Thanks in advance.

edited May 27 '15 at 06:15

asked May 27 '15 at 06:04

Rahul lamba

4

Obvious question first - are you accessing the site over SSL? – Damien_The_Unbeliever May 27 '15 at 06:23
Oh god....you saved my life....I was testing this locally. Tried over SSL and it worked. Thanks again. – Rahul lamba May 27 '15 at 06:27

Issue with setting session cookie http and secure to true

0 Answers0