ASP.Net MVC: cookie does not contain HttpOnly attribute and Secured attribute vulnerability

Question

cookie does not contain HttpOnly attribute and Secured attribute vulnerability in MVC5 CI have added as below still the issue is reported in weekly scanltsystemwebgt  lthttpCookies httpOnlyCookies34true34 requireSSL34true34 gtltsystemwebgtplease advise

Joey · Accepted Answer

Hi tsakumar81You can secure the HttpCookie by specifying HttpOnly and Secure attributeResponseCookiesAddnew HttpCookie34key34 34value34    HttpOnly  true    Secure  true

ASP.Net MVC: cookie does not contain HttpOnly attribute and Secured attribute vulnerability

Company

Explore

Follow us

Contact Us