C# solution to keeping cookies safe

Recently our security engineer strongly suggested that we ensure that the sites we develop are using cookies in a safe manor. The CMS we develop with sometimes adds fun steps in the way of the "easy implementation."

The following sets all cookies within the C# project to secure, SameSite and HTTPONLY. Even if the cookie is outside of the code in the immediate project.


protected void Application_EndRequest(object sender, EventArgs e) {    foreach (string sCookie in Response.Cookies)    {        Response.Cookies[sCookie].Secure = true;        Response.Cookies[sCookie].SameSite = SameSiteMode.Strict;        Response.Cookies[sCookie].HttpOnly = true;    } }

Comments

Post a Comment

Popular posts from this blog

Zero Fill - C# and JQuery

I recently ran into an issue when trying to add a zip code to a MVC view within the CMS we develop websites. The CMS holds the zipcode as a decimal, which a funny thing happens when the first New York address gets added. The leading zeros disappear. Since we were using this in a Google Maps implementation I ultimately needed this resolved in the C# View as well as the JQuery. Below are the two implementations that I added to resolve this issue. (Wish I could have just changed the type to a string, but this is a close second). JQuery function zeroFill(number, width) {     width -= number.toString().length;     if (width > 0)         return new Array(width + (/\./.test(number) ? 2 : 1)).join('0') + number        return number + ""; // always return a string   } Razor (C#) @location.ZipCode.ToString("00000")
Read more