0

1.The Tester test my ASP.NET MVC website and report "Cookie not Sent Over SSL(4720)" issues.

2.And they provide me to solve this issue by Add <httpCookies httpOnlyCookies="true" requireSSL="true" /> in Web.config and then I followed the instructions.

3.The problem when i run and test my website the Session and TempData is null when change page. The code below is shown how i set Session and TempData.

3.1 I set Session and TempData when user go to "Home/Index".

public class HomeController : Controller
{
   public ActionResult Index()
   {
      TempData["class"] = "A";
      TempData.Keep();

      Session["status"] = "NO";

      return View();
   }
}

3.2 When user change page to "Admin/User" i get TempData["class"] and Session["status"] but both is null.

public class AdminController : Controller
{
   public ActionResult User()
   {
      string userclass = TempData["class"] != null ? TempData["class"].ToString() : "";

      string userstatus = Session["status"] != null ? Session["status"].ToSring() : "";

      UserModel usermodel = new UserModel(userclass, userstatus);
      return View(usermodel);
   }
}
  1. If i delete <httpCookies httpOnlyCookies="true" requireSSL="true" /> from Web.config and test again it's work. but it's still issue "Cookie not Sent Over SSL (4720)" when tester test this website.

How to fix this problem?

P.S. Sorry for bad english skill.

user2955394
  • 1,063
  • 4
  • 17
  • 34
  • Are you using SSL with IIS Express? – Oscar Jan 23 '18 at 10:13
  • @Oscar i test my website by run from visual studio 2013 it's use iis express. – user2955394 Jan 23 '18 at 10:22
  • But are you using SSL, yes or not? If you configure your cookies to be sent over SSL and there is not SSL available, then there's your problem. – Oscar Jan 23 '18 at 10:23
  • I do not have the knowledge about SSL, I'm code and test after that publish website to iis. and then the tester test for web security and report issue to me. – user2955394 Jan 23 '18 at 10:34

1 Answers1

3

If you set your cookies to be sent securely over SSL, then you must enable SSL in IIS Express for this to work. Visual Studio configures all the necessary things (like your server certificate and the settings) when you select the SSL option for the web host.

Enable SSL in Visual Studio

You'll find here a full tutorial about it.

Oscar
  • 13,594
  • 8
  • 47
  • 75