Message: Make sure creating this cookie without setting the 'Secure' property is safe here.
Impact: Unknown 'null' severity
Likelihood: Unknown 'null' severity
When the HttpCookie.Secure property is set to false, the cookie will be sent during an unencrypted HTTP request:
The default value of the Secure flag is false, unless overridden by the application's configuration file:
Set the HttpCookie.Secure property to true:
Or change the default flag values for the whole application by editing the Web.config configuration file:
- the requireSSL attribute corresponds programmatically to the HttpCookie.Secure property.
- the httpOnlyCookies attribute corresponds programmatically to the HttpCookie.HttpOnly property.
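
The following C# sketch is an added example, not code from the original page. It puts the flagged pattern beside the corrected one and adds a startup check that the Web.config defaults described above are in place. The class name, method names and the cookie name `session_id` are hypothetical.

```csharp
using System;
using System.Web;
using System.Web.Configuration;

// Hypothetical helper class; the cookie name is constructed for illustration.
public static class CookiePolicyExample
{
    // Flagged pattern: Secure is never set, so it keeps the default (false unless
    // Web.config sets requireSSL="true") and the cookie can travel over plain HTTP.
    public static HttpCookie CreateWithoutSecure(string value)
    {
        return new HttpCookie("session_id", value);
    }

    // Corrected pattern: the browser only returns the cookie over HTTPS,
    // and client-side script cannot read it.
    public static HttpCookie CreateWithSecure(string value)
    {
        return new HttpCookie("session_id", value)
        {
            Secure = true,
            HttpOnly = true
        };
    }

    // Application-wide defaults live in Web.config:
    //   <system.web>
    //     <httpCookies requireSSL="true" httpOnlyCookies="true" />
    //   </system.web>
    // This check reads that section so a deployment with weak defaults
    // fails at startup instead of silently issuing insecure cookies.
    public static void AssertSecureDefaults()
    {
        var section = (HttpCookiesSection)WebConfigurationManager
            .GetSection("system.web/httpCookies");
        if (section == null || !section.RequireSSL || !section.HttpOnlyCookies)
        {
            throw new InvalidOperationException(
                "Web.config httpCookies must set requireSSL and httpOnlyCookies to true.");
        }
    }
}
```

Calling `AssertSecureDefaults()` from `Application_Start` is one place to run the check; explicit `Secure = true` on sensitive cookies still protects them if the configuration is later changed.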