If the Web.config has this setting:
<httpCookies httpOnlyCookies="true" requireSSL="true" />
All the cookies are now with Secure and HttpOnly flag, but what if I do need one cookie to be not secured so that I can pass something to the client for its javascript to read the data within it? How can I make this cookie not with Secure and HttpOnly flag?
I need this data to be available for any page, is there a way other than cookie?
Thanks,
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
It turned out that the setting in your code take over the setting in Web.Config. Only cookies that have not been specified with Secure and HttpOnly then will be affected by the setting in Web.Config.
The example code:
filterContext.HttpContext.Response.Cookies.Add(new HttpCookie("mycookie", "mycookievalue") {
Secure = false,HttpOnly = false
});
So “mycookie” will not be secured regardless what is the setting in Web.Config
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0