Hi @Sumanth Babu ,
From the code in your question, I don't find any problems.
Rule description
Applications available over HTTPS must use secure cookies, which indicate to the browser that the cookie should only be transmitted using Transport Layer Security (TLS).
According to this Docs: If cookies are configured to be secure by default, such as using Microsoft.AspNetCore.CookiePolicy.CookiePolicyMiddleware
in :Startup.Configure
:
public class Startup
{
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
app.UseCookiePolicy(
new CookiePolicyOptions
{
Secure = CookieSecurePolicy.Always
});
}
}
You can also set Microsoft.AspNetCore.Http.CookieOptions.Secure
property as true
when you Microsoft.AspNetCore.Http.Internal.ResponseCookies
class.
Please refer to the Docs to learn more details.
------------------------------------------------------------------------------------------
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Best regards,
Xinran Shen