Home/ Questions/Q 3278728
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-17T19:30:47+00:00

I have an ASP:NET MVC 2 web site that is on SSL. I want

  • 0

I have an ASP:NET MVC 2 web site that is on SSL. I want to create a cookie like this: 

FormsAuthentication.SetAuthCookie(validatedUser.UserName, false);
FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1, validatedUser.SecureToken, DateTime.Now, DateTime.Now.AddMinutes(10), false, String.Empty);

HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(authTicket));
Response.Cookies.Add(cookie);

But I get an exception, telling: “The application is configured to issue secure cookies. These cookies require the browser to issue the request over SSL (https protocol). However, the current request is not over SSL.

In web.config I have: 

<authentication mode="Forms">
    <forms loginUrl="~/Account/LoginError" timeout="2880" requireSSL="true" protection="All"/>
</authentication>

How can I fix this?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    requireSSL="false" or use http:// to request your site. Note that both are bad idea if you care about security. If you want a secure site leave requireSSL="true" and use https:// to request your site.

    Also the SetAuthCookie method already writes the cookie to the response so you don’t need the rest:

    FormsAuthentication.SetAuthCookie(validatedUser.UserName, false);

    is enough. You don’t need to worry about FormsAuthenticationTicket and adding the cookie to the response.

    • 0