This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(96, 39%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELP%3C/text%3E%3C/svg%3E)
i want to secure 'ASP.NET_SessionId' cookie, so i added
<httpCookies httpOnlyCookies="true" requireSSL="true"/> to web.config and
Response.Cookies[ASP.NET_SessionId].Secure = true; to master page.
However when i add code to master page my session gets lost.
Need help
The ASP.NET session API is well tested and known to function as expected. Most likely there is a bug in your design or code.
What kind of application are you building? Are you using SSL? Is there any way you can share code that reproduces this issue? Can you explain what "Session gets lost" means and how to reproduce this issue?
I am building a asp.net web application. Yes we are using SSL.
When the session begins, I can see the value in ASP.NET_SessionId cookie, however, when I navigate to another page, this data is lost. Also all the other parameters like user credentials which are saved are lost and the object becomes null.
This happens only when i add Response.Cookies[ASP.NET_SessionId].Secure = true; to my master page or any event in global.asax which is triggered on every request like Application_BeginRequest or Application_EndRequest.
If I add Response.Cookies[ASP.NET_SessionId].Secure = true only in session_start, my attribute sets to true on session start. however if i manually uncheck secure attribute from developer tools in chrome and reload the page, it is not set back to secure. Thus i am trying to set it from global.asax or master page
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 24%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESW%3C/text%3E%3C/svg%3E)
Try to set the Response.Cookies ["ASP.NET_SessionID"].Secure = true in the Session_Start of the global.asax instead of master page.
If the answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
@Sam Wu-MSFT by this way i am able to set it at the start of session, however if i manually go to developer tools and uncheck the secure attribute, and i reload the page, it no more sets the cookie as secure. Thus i am trying to do it in master page or any event that gets triggered on every request in global.asax. But when i do it, session is lost.
@Larissa Pereira can you tell me why do you go to developer tools and uncheck the secure attribute?