== How to fix it in ASP.NET

=== Code examples

include::../../common/fix/code-rationale.adoc[]

==== Noncompliant code example

[source,csharp,diff-id=1,diff-type=noncompliant]
----
using System.Web;
using System.Web.Mvc;

public class ExampleController : Controller
{
    [HttpGet]
    public IActionResult CheckCookie(string cookie)
    {
        if (Request.Cookies["ASP.NET_SessionId"] == null)
        {
            Response.Cookies.Append("ASP.NET_SessionId", cookie);
        }

        return View("Welcome");
    }
}
----

==== Compliant solution

[source,csharp,diff-id=1,diff-type=compliant]
----
using System.Web;
using System.Web.Mvc;

public class ExampleController : Controller
{
    [HttpGet]
    public IActionResult CheckCookie()
    {
        if (Request.Cookies["ASP.NET_SessionId"] == null)
        {
            return View("GetCookie");
        }

        return View("Welcome");
    }
}
----

include::../../common/fix/how-does-this-work.adoc[]