'Secure cookies flag always getting lost in first session after resetting IIS

Looking for solution for ASP.NET_SessionId should always be secure flag true when request is from secure connection.

Below Steps are done to achieve -

  1. Created MVC Project
  2. Added below code under Global.asax.cs
protected void Session_Start(object sender, EventArgs e)
   {
      Response.Cookies["ASP.NET_SessionId"].HttpOnly = true;
      if (Request.IsSecureConnection) {
          Response.Cookies["ASP.NET_SessionId"].Secure = true;
       }
   }

It works fine gives expected result. Here's is screenshot for secured flag.

Screenshot

To Reproduce Issue :

  1. Delete Existing Cookies

  2. Reset IIS

  3. Load website in SSL

4) Cookies of first session gets created is always remain Unsecure After the first session all session cookies remain secure.

Here is screenshot for SSL request with unsecured cookies.

May know the how to make sure cookies get remain secure while SSL request. Also it must be by code only.



Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source