From the course: Security in ASP.NET Core
Securing cookie attributes in the app - ASP.NET Tutorial
- [Instructor] We are back in the application, and in the web application, I go to Program.cs where we have that AddSession call, and here, I am adding the options we've just discussed. So I start with the HttpOnly setting, and yes, I do want "true" here. I look at the available secure policies. There is CookieSecurePolicy.None. So the Secure flag is not set, that's not what I want. Instead, I would like to have "Always", and as I already mentioned, SameAsRequest means no Secure for HTTP, and Secure for HTTPS. But yeah, "Always" is what I want because we are always using HTTPS at the moment. And for SameSite, since we don't have any cross-site requests, yeah, I would say SameSiteMode.Strict is something that is reasonable here. This will secure the session cookie. We also have an authentication cookie, since we're using cookie-based authentication when logging in, and you see that here, that AddCookie call that we already have has options. Guess what? We can set…
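The session-cookie settings described in the transcript, written out as an added example (this is not the course's exercise file). The in-memory cache, the `/` endpoint and the options shown on `AddCookie` are assumptions made for illustration; the transcript is cut off before it says what is set there.

```csharp
// Program.cs (ASP.NET Core minimal hosting). Added illustration, not the course's own code.
using Microsoft.AspNetCore.Authentication.Cookies;

var builder = WebApplication.CreateBuilder(args);

// Assumption: session state is backed by the in-memory distributed cache.
builder.Services.AddDistributedMemoryCache();

builder.Services.AddSession(options =>
{
    // HttpOnly: the cookie is not exposed to document.cookie, so page script cannot read the session id.
    options.Cookie.HttpOnly = true;

    // CookieSecurePolicy.None          -> Secure flag never set
    // CookieSecurePolicy.SameAsRequest -> Secure only when the request arrived over HTTPS
    // CookieSecurePolicy.Always        -> Secure flag on every response (the app is HTTPS-only)
    options.Cookie.SecurePolicy = CookieSecurePolicy.Always;

    // Strict: the browser does not attach the cookie to any cross-site request.
    options.Cookie.SameSite = SameSiteMode.Strict;
});

// Assumption: the authentication cookie receives the same three attributes.
// With Strict, a user who follows a link from another site arrives without
// the cookie on that first request and appears signed out until the next navigation.
builder.Services
    .AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options =>
    {
        options.Cookie.HttpOnly = true;
        options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
        options.Cookie.SameSite = SameSiteMode.Strict;
    });

var app = builder.Build();

app.UseHttpsRedirection();
app.UseSession();
app.UseAuthentication();

// Hypothetical endpoint: writing to the session makes the framework issue the session cookie.
app.MapGet("/", (HttpContext ctx) =>
{
    ctx.Session.SetString("visited", "1");
    return "ok";
});

app.Run();
```

To confirm the result, request `/` over HTTPS and check that the `Set-Cookie` response header for the session cookie carries `secure`, `httponly` and `samesite=strict`.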