how can I share an asp.net session between http and https

by

From MSDN:

When a user moves back and forth
between secure and public areas, the
ASP.NET-generated session cookie (or
URL if you have enabled cookie-less
session state) moves with them in
plaintext, but the authentication
cookie is never passed over
unencrypted HTTP connections as long
as the Secure cookie property is set.

So basically, the cookie can be passed over both HTTP and HTTPS if the Secure property is set to false.

I have avoided this issue by adding this to my Global.asax file:

void Session_Start(object sender, EventArgs e) 
{
    if (Request.IsSecureConnection) Response.Cookies["ASP.NET_SessionID"].Secure = false;
}

This means that if the Session cookie is created over HTTP, it will only be accessible over HTTPS.

More Related Contents:

  1. SSL pages under ASP.NET MVC
  2. Response.Redirect with POST instead of Get?
  3. IIS Request Timeout on long ASP.NET operation
  4. Unmanaged DLLs fail to load on ASP.NET server
  5. CustomErrors does not work when setting redirectMode=”ResponseRewrite”
  6. Mailbox unavailable. The server response was: 5.7.1 Unable to relay for [email protected] [closed]
  7. How to run ‘dotnet dev-certs https –trust’?
  8. How to allow download of .json file with ASP.NET
  9. Can I serve .html files using Razor as if they were .cshtml files without changing the extension of all my pages?
  10. asp.net c# redirecting from http to https
  11. How to use HTTPS in an ASP.Net Application
  12. Is current request being made over SSL with Azure deployment
  13. What happens when I edit web.config?
  14. What does ‘IISReset’ do?
  15. User ASP.NET runs under
  16. C# ASP.NET Send Email via TLS
  17. Classic ASP Outbound TLS 1.2
  18. Content-Disposition:What are the differences between “inline” and “attachment”?
  19. Best way to trim strings after data entry. Should I create a custom model binder?
  21. System.Security.SecurityException when writing to Event Log
  22. What perfmon counters are useful for identifying ASP.NET bottlenecks?
  23. Visual Studio error “Object reference not set to an instance of an object” after install of ASP.NET and Web Tools 2015
  24. Setting up redirect in web.config file
  25. How to remove returnurl from url?
  26. how to access master page control from content page
  27. How to use Castle Windsor with ASP.Net web forms?
  28. HttpCookieCollection.Add vs HttpCookieCollection.Set – Does the Request.Cookies collection get copied to the Response.Cookies collection?
  29. Can I reuse HttpWebRequest without disconnecting from the server?
  30. Is there a recommended way to return an image using ASP.NET Web API

Leave a Comment