include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

In C# you can specify the secure flag with the HttpCookie.secure property:

----
HttpCookie myCookie = new HttpCookie("Sensitive cookie");
myCookie.Secure = false; //  Sensitive: a security-sensitive cookie is created with the secure flag set to false 
----

The https://docs.microsoft.com/en-us/dotnet/api/system.web.httpcookie.secure?view=netframework-4.8[default value] of <code>secure</code> flag is false:

----
HttpCookie myCookie = new HttpCookie("Sensitive cookie");  
//  Sensitive: a security-sensitive cookie is created with the secure flag not defined (by default set to false)
----

== Compliant Solution

----
HttpCookie myCookie = new HttpCookie("Sensitive cookie");
myCookie.Secure = true; // Compliant: the security-sensitive cookie will not be send during an unencrypted HTTP request thanks to the secure flag (Secure property) set to true
----

include::../see.adoc[]