How to Insecure Cookie Issue in ASP.net code web API

Sumanth Babu 21 Reputation points
2022-09-02T11:51:42.79+00:00

Added below code to make the cookie secure,

Kindly help me to fix the issue.

public class Startup
{

app.UseCookiePolicy(
new CookiePolicyOptions
{
Secure = CookieSecurePolicy.Always,
});
}

ASP.NET Core
ASP.NET Core
A set of technologies in the .NET Framework for building web applications and XML web services.
4,118 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Bruce (SqlWork.com) 54,621 Reputation points
    2022-09-04T14:56:59.877+00:00

    Your question is not clear. Your code configures the cookie such that the browser will only include it with https requests.

    0 comments No comments

  2. Xinran Shen - MSFT 2,091 Reputation points
    2022-09-05T02:47:49.237+00:00

    Hi @Sumanth Babu ,
    From the code in your question, I don't find any problems.

    Rule description
    Applications available over HTTPS must use secure cookies, which indicate to the browser that the cookie should only be transmitted using Transport Layer Security (TLS).

    According to this Docs: If cookies are configured to be secure by default, such as using Microsoft.AspNetCore.CookiePolicy.CookiePolicyMiddleware in :Startup.Configure:

    public class Startup  
    {  
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)  
        {  
            app.UseCookiePolicy(  
                new CookiePolicyOptions  
                {  
                    Secure = CookieSecurePolicy.Always  
                });  
        }  
    }  
    

    You can also set Microsoft.AspNetCore.Http.CookieOptions.Secure property as true when you Microsoft.AspNetCore.Http.Internal.ResponseCookies class.
    Please refer to the Docs to learn more details.

    ------------------------------------------------------------------------------------------

    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    Best regards,
    Xinran Shen

    0 comments No comments