Determines how the identity cookie's security property is set.
Assembly: Microsoft.Owin.Security.Cookies (in Microsoft.Owin.Security.Cookies.dll)
public enum CookieSecureOption
public enum class CookieSecureOption
Public Enumeration CookieSecureOption
CookieOptions.Secure is always marked true. Use this value when your login page and all subsequent pages requiring the authenticated identity are HTTPS. Local development will also need to be done with HTTPS urls.
CookieOptions.Secure is never marked true. Use this value when your login page is HTTPS, but other pages on the site which are HTTP also require authentication information. This setting is not recommended because the authentication information provided with an HTTP request may be observed and used by other computers on your local network or wireless connection.
If the URI that provides the cookie is HTTPS, then the cookie will only be returned to the server on subsequent HTTPS requests. Otherwise if the URI that provides the cookie is HTTP, then the cookie will be returned to the server on all HTTP and HTTPS requests. This is the default value because it ensures HTTPS for all authenticated requests on deployed servers, and also supports HTTP for localhost development and for servers that do not have HTTPS support.
Return to top