How can I set the Secure flag on an ASP.NET Session Cookie?
In the <system.web> element, add the following element: <httpCookies requireSSL=”true” /> However, if you have a <forms> element in your system.web\authentication block, then this will override the setting in httpCookies, setting it back to the default false. In that case, you need to add the requireSSL=”true” attribute to the forms element as well. So you … Read more