Skip to content
This repository has been archived by the owner on Nov 22, 2018. It is now read-only.

Mark session cookie as secure / HTTPS? #137

Closed
qJake opened this issue Nov 21, 2016 · 1 comment
Closed

Mark session cookie as secure / HTTPS? #137

qJake opened this issue Nov 21, 2016 · 1 comment
Labels
duplicate

Comments

@qJake
Copy link

qJake commented Nov 21, 2016

If I register the session service using the following code (a distributed cache has already been set up) -

services.AddSession(s =>
{
    s.CookieDomain = options.CookieDomain;
    s.CookieHttpOnly = options.CookieHttpOnly;
});

There is no option to enable the cookie to be secure (HTTPS only). This is in contrast to when setting up a forms authentication cookie, where the "Secure" option can be set:

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    CookieSecure = CookieSecurePolicy.Always
});

Cookies

How can I set a session cookie to be secure/HTTPS-only with ASP.NET Core?
@Tratcher
Copy link
Member

It's there now in 1.1.
https://github.com/aspnet/Session/blob/dev/src/Microsoft.AspNetCore.Session/SessionOptions.cs#L42
#106

@qJake qJake closed this as completed Nov 21, 2016
@camd67 camd67 mentioned this issue May 8, 2017
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
duplicate
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@qJake @Tratcher