问题描述:
原因分析:
服务器开启了Https时,cookie的Secure属性应设为true;
解决办法:
1.服务器配置Https SSL方式,参考:https://support.microsoft.com/kb/324069/zh-cn
2.修改web.config,添加:
<
system.web
>
< httpCookies httpOnlyCookies = "true" requireSSL = "true" / >
< system.web >
< httpCookies httpOnlyCookies = "true" requireSSL = "true" / >
< system.web >
3.修改后台写Cookies时的设置
cookie.Secure =
true:
HttpResponse response = HttpContext.Current.Response;
var cookie = new HttpCookie(key, value);
cookie.HttpOnly = true;
cookie.Path = "/";
cookie.Expires = DateTime.Now.AddHours(1);
cookie.Secure = true;
response.AppendCookie(cookie);
参考网站:http://stackoverflow.com/questions/5978667/how-to-secure-the-asp-net-sessionid-cookie
