Hi
For past few days audit of my application is going.There SSL cookie issue is always used.
On search Net I fount that when authentication mode is form
we can use RequireSSL property . But Our Application uses
authentication mode as Windows in web.config.
<HttpCookies RequireSSL=true/> is something which is was mentioned in MSDN but
1) application is .net 1.0 (In this application what switched of SESSION state to get past audit ,since asp .net sessionID cookie was there where issue was found)
2) application is .net 1.1 , In this application I cannot turn of session .
and In both of these app i m unable to set <httpcookies value.
I have been working on this for past week without any clue . Any help would be greatly appreciated.
Thanks
Jalaj
For past few days audit of my application is going.There SSL cookie issue is always used.
On search Net I fount that when authentication mode is form
we can use RequireSSL property . But Our Application uses
authentication mode as Windows in web.config.
<HttpCookies RequireSSL=true/> is something which is was mentioned in MSDN but
1) application is .net 1.0 (In this application what switched of SESSION state to get past audit ,since asp .net sessionID cookie was there where issue was found)
2) application is .net 1.1 , In this application I cannot turn of session .
and In both of these app i m unable to set <httpcookies value.
I have been working on this for past week without any clue . Any help would be greatly appreciated.
Thanks
Jalaj