TECHNOLOGIES
FORUMS
JOBS
BOOKS
EVENTS
INTERVIEWS
Live
MORE
LEARN
Training
CAREER
MEMBERS
VIDEOS
NEWS
BLOGS
Sign Up
Login
No unread comment.
View All Comments
No unread message.
View All Messages
No unread notification.
View All Notifications
Answers
Post
An Article
A Blog
A News
A Video
An EBook
An Interview Question
Ask Question
Forums
Monthly Leaders
Forum guidelines
Nagaraj S
963
813
3.3k
Session value is not retained when httpCookies requireSSL="true"
Mar 11 2021 1:24 PM
Dear All,
We have a website(web-forms) developed with Asp.Net 4.0 . It can be accessed with two domain names one with HTTPS and other with HTTP (non-ssl)
Recently for our website, we did the dynamic security scan, it given the result few security issues and to fix those issues we have added the below settings in the web config file.
<system.web>
<httpCookies requireSSL=
"true"
/>
</system.web>
<system.webServer>
<httpProtocol>
<customHeaders>
<add name=
"X-Frame-Options"
value=
"SAMEORIGIN"
/>
<add name=
"Strict-Transport-Security"
value=
"max-age=31536000; includeSubDomains"
/>
<add name=
"X-XSS-Protection"
value=
"1; mode=block"
/>
<add name=
"X-Content-Type-Options"
value=
"nosniff"
/>
<add name=
"Content-Security-Policy"
value=
"default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'"
/>
</customHeaders>
Due to these changes, we are facing an issue with the domain name that doesn't have SSL, the issue is that the website doesn't retain the SESSION values. However, the domain name with SSL is working fine.
My observation is,
The website doesn't reported any issue when we checked in the local host server(Without SSL) but only in the production it exhibits such issue with the domain that doesn't have SSL.
Please help me to solve this issue.
Reply
Answers (
1
)
Concatenate Or Mid in a template Fieild
asp.net core join query not showing all data