Skip to content
This repository has been archived by the owner on Nov 22, 2018. It is now read-only.

Add Secure cookie flag option to session cookie #106

Closed
Tratcher opened this issue Apr 11, 2016 · 4 comments
Closed

Add Secure cookie flag option to session cookie #106

Tratcher opened this issue Apr 11, 2016 · 4 comments
Labels
3 - Done enhancement
Milestone
1.1.0-preview1

Comments

@Tratcher
Copy link
Member

The session cookie needs the ability to have the 'Secure' flag set.

This depends on aspnet/HttpAbstractions#612.

Note we considered doing this in the past (#28), but we considered the Microsoft.AspNetCore.CookiePolicy middleware to be adequate. That's no longer the case because we want to apply token binding data protection based on if the cookie will be marked as Secure.
@Tratcher Tratcher added this to the 1.0.0 milestone Apr 11, 2016
@Tratcher Tratcher mentioned this issue Apr 11, 2016
Closed
@Tratcher Tratcher self-assigned this Apr 11, 2016
@Tratcher Tratcher mentioned this issue Apr 29, 2016
Closed
@Tratcher Tratcher modified the milestones: 1.0.1, 1.0.0 May 20, 2016
@Tratcher Tratcher mentioned this issue May 20, 2016
Closed
@sadjadbp sadjadbp mentioned this issue May 20, 2016
Closed
@Tratcher Tratcher assigned jkotalik and unassigned Tratcher Jun 15, 2016
jkotalik pushed a commit that referenced this issue Jun 16, 2016
#106 Fix: Adds Secure Cookie flag and tests
11eaf24
@jkotalik jkotalik mentioned this issue Jun 16, 2016
Closed
jkotalik pushed a commit that referenced this issue Jun 16, 2016
#106 Fix: Adds Secure Cookie flag and tests
07bfa0d
jkotalik pushed a commit that referenced this issue Jun 16, 2016
#106 Fix: Adds Secure Cookie flag and tests
83bc308
jkotalik pushed a commit that referenced this issue Jun 16, 2016
#106 Fix: Adds Secure Cookie flag and tests
219ef74
@Tratcher Tratcher added enhancement and removed bug labels Jun 16, 2016
@joerter
Copy link

joerter commented Sep 12, 2016

Will this be included in the 1.1.0 release?

@Tratcher
Copy link
Member Author

Yes

@Tratcher Tratcher mentioned this issue Nov 21, 2016
Closed
@aspnet-hello aspnet-hello mentioned this issue Jan 1, 2018
Closed
@sewarts
Copy link

sewarts commented Jan 11, 2018

Using 1.1. but there is no options.Cookie.SecurePolicy = CookieSecurePolicy.Always option

@Tratcher
Copy link
Member Author

In 1.1 it's options.CookieSecure

Session/src/Microsoft.AspNetCore.Session/SessionOptions.cs

Line 42 in f8b38c9

public CookieSecurePolicy CookieSecure { get; set; } = CookieSecurePolicy.None;

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
3 - Done enhancement
Projects
None yet
Milestone
1.1.0-preview1
Development

No branches or pull requests
4 participants
@Tratcher @joerter @sewarts @jkotalik