How to fix Insecure Cookie issue in ASP.NET Core Web API

Sumanth Babu 21 Reputation points
2022-09-02T11:51:42.79+00:00

I added the code below to make the cookie secure.

Kindly help me to fix the issue.

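    using Microsoft.AspNetCore.Builder;
    using Microsoft.AspNetCore.Hosting;
    using Microsoft.AspNetCore.Http;

    public class Startup
    {
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            // Apply the Secure attribute to cookies written through Response.Cookies.
            app.UseCookiePolicy(
                new CookiePolicyOptions
                {
                    Secure = CookieSecurePolicy.Always,
                });
        }
    }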

ASP.NET Core

2 answers

  1. Bruce (SqlWork.com) 54,711 Reputation points
    2022-09-04T14:56:59.877+00:00

    Your question is not clear. Your code configures the cookie such that the browser will only include it with https requests.


  2. Xinran Shen - MSFT 2,091 Reputation points
    2022-09-05T02:47:49.237+00:00

    Hi @Sumanth Babu ,
    From the code in your question, I don't find any problems.

    Rule description
    Applications available over HTTPS must use secure cookies, which indicate to the browser that the cookie should only be transmitted using Transport Layer Security (TLS).

    According to the docs: if cookies are configured to be secure by default, such as by using Microsoft.AspNetCore.CookiePolicy.CookiePolicyMiddleware in Startup.Configure:

    public class Startup  
    {  
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)  
        {  
            app.UseCookiePolicy(  
                new CookiePolicyOptions  
                {  
                    Secure = CookieSecurePolicy.Always  
                });  
        }  
    }  
    

    You can also set the Microsoft.AspNetCore.Http.CookieOptions.Secure property to true when you use the Microsoft.AspNetCore.Http.Internal.ResponseCookies class.
    Please refer to the docs for more details.


    Best regards,
    Xinran Shen
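
Added example, not code from the thread or from Microsoft's docs: the two approaches mentioned in the answers in one pipeline, plus a check that logs any `Set-Cookie` header sent without the `Secure` attribute. The cookie names, the logging middleware and the raw-header counter-example are constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Logging;

public class Startup
{
    public void Configure(IApplicationBuilder app, IWebHostEnvironment env, ILogger<Startup> logger)
    {
        // Added check (not a framework feature): just before headers are sent,
        // log every Set-Cookie value that lacks the Secure attribute.
        app.Use(async (context, next) =>
        {
            context.Response.OnStarting(() =>
            {
                foreach (var cookie in context.Response.Headers["Set-Cookie"])
                {
                    var parts = cookie.Split(';').Select(p => p.Trim()).ToArray();
                    if (!parts.Skip(1).Any(p => p.Equals("secure", StringComparison.OrdinalIgnoreCase)))
                        logger.LogWarning("Set-Cookie without Secure: {Name}", parts[0].Split('=')[0]);
                }
                return Task.CompletedTask;
            });
            await next();
        });

        // The policy from the thread. Register it before any middleware that
        // writes cookies; it only covers writes made through Response.Cookies.
        app.UseCookiePolicy(new CookiePolicyOptions { Secure = CookieSecurePolicy.Always });

        app.Run(async context =>
        {
            // No options given: the policy adds Secure.
            context.Response.Cookies.Append("via-policy", "1");
            // Per-cookie setting, as the second answer mentions.
            context.Response.Cookies.Append("explicit", "1", new CookieOptions { Secure = true });
            // Constructed counter-example: a raw header write bypasses the policy
            // and is the one cookie the check above reports.
            context.Response.Headers.Append("Set-Cookie", "raw-header=1; path=/");
            await context.Response.WriteAsync("ok");
        });
    }
}
```

If a scanner still flags a cookie after the policy is in place, look for cookies written by middleware registered ahead of `UseCookiePolicy` or written directly to the `Set-Cookie` header.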
