web analytics

Using Cookies in ASP.NET

@2021-01-25 21:31:13

Secure cookies with web.config in .NET


<httpCookies httpOnlyCookies="true|false" requireSSL="true|false" domain=".domain.com" sameSite="None|Lax|Strict|Unspecified" />


When a cookie that has HttpOnlyCookies set to true is received by a compliant browser, it is inaccessible to client-side script.

Setting the sameSite attribute value to either of the Strict, Lax or None enumeration values will cause a SameSite attribute to be appended on all cookies of your application that are not Authentication or Session related. Cookies marked with SameSite=None will only be sent back to the server if marked as secure and if the connection between client and server is a secure connection.

@2021-05-08 13:32:59

Creating an encrypted cookie with integrity:

HttpCookie cookie = new HttpCookie(name, val);

HttpCookie encodedCookie = HttpSecureCookie.Encode (cookie);


Decrypting and validating an encrypted cookie:

– HttpSecureCookie.Decode (cookie);


You must Sign In to comment on this topic.

© 2024 Digcode.com