31 lines
1011 B
Plaintext
31 lines
1011 B
Plaintext
include::../description.adoc[]
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
In C# you can specify the secure flag with the HttpCookie.secure property:
|
|
|
|
----
|
|
HttpCookie myCookie = new HttpCookie("Sensitive cookie");
|
|
myCookie.Secure = false; // Sensitive: a security-sensitive cookie is created with the secure flag set to false
|
|
----
|
|
|
|
The https://docs.microsoft.com/en-us/dotnet/api/system.web.httpcookie.secure?view=netframework-4.8[default value] of <code>secure</code> flag is false:
|
|
|
|
----
|
|
HttpCookie myCookie = new HttpCookie("Sensitive cookie");
|
|
// Sensitive: a security-sensitive cookie is created with the secure flag not defined (by default set to false)
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
----
|
|
HttpCookie myCookie = new HttpCookie("Sensitive cookie");
|
|
myCookie.Secure = true; // Compliant: the security-sensitive cookie will not be send during an unencrypted HTTP request thanks to the secure flag (Secure property) set to true
|
|
----
|
|
|
|
include::../see.adoc[]
|