3

I have an ASP.NET application which stores a "Remember Me" token as a cookie; it worked fine until I implemented SSL.

Using FireCookies, I never see my cookie (named "_rmtoken") though ".ASPXAUTH", "ASP.NET_SessionId" and other cookies do show up. Here is the code I use to set the cookie:


public static void SetRememberMeCookie(HttpContext context, Guid token)
{
    DeleteRememberMeCookie(context);
    var loginCookie = new HttpCookie("_rmtoken")
    {
        Value = token.ToString(),
        Expires = DateTime.Today.AddMonths(1), 
        HttpOnly=false, 
        Secure = false
    };
    context.Response.Cookies.Add(loginCookie);
}
Improve this question

2 Answers 2

Reset to default
1

Change this line from false to true

Secure = false

Msdn Reference - HttpCookie.Secure property

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

per the code, Secure is already set to false. It doesn't work.
sorry wasn't completely clear, change the line from Secure=false to Secure=true
Why doesn't the cookie get set when it's false? What if we don't want the cookie flagged as secure?
1

Simply try to set cookie's domain property for your cookies:

Response.Cookies["your_cookie_name"].Domain = "yourdomain.com";

... or check out this article to get more information.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.