問題描述:
原因分析:
伺服器開啟了https時,cookie的secure屬性應設為true;
解決辦法:
1.伺服器配置https ssl方式,參考:https://support.microsoft.com/kb/324069/zh-cn
2.修改web.config,添加:
<system.web>
<httpcookies
httponlycookies="true" requiressl="true" />
<system.web>
see: http://msdn.microsoft.com/en-us/library/ms228262(v=vs.100).aspx
3.修改背景寫cookies時的設定 cookie.secure = true:
httpresponse response = httpcontext.current.response;
var cookie = new httpcookie(key, value);
cookie.httponly = true;
cookie.path = "/";
cookie.expires = datetime.now.addhours(1);
cookie.secure = true;
response.appendcookie(cookie);
參考網站:http://stackoverflow.com/questions/5978667/how-to-secure-the-asp-net-sessionid-cookie