In my opinion, I think security is always first. If you already know that there are certain ways to avoid risk, then I will definitely do it instead of avoiding the known methods.
Use HTTP-Only and SSL-Only Cookies
To protect your site's users' cookies from being accessed by client-side scripts, such as those injected from other domains, and from being read by man-in-the-middle attackers, ensure the following settings are enabled in Web.config:
<configuration>
  <system.web>
    <httpCookies httpOnlyCookies="true" requireSSL="true" />
  </system.web>
</configuration>