How to set HttpOnly = true when using Wisej.Base.Cookie

To meet the security requirement of production environment, we need set HttpOnly = true for all cookies, but we cannot find the option HttpOnly for Wisej.Base.Cookie. It does have other required options such as Secure and SameSite. Is there any way to do that?

Thanks.

Tim

Questions

Weitian Lou asked Dec 31, 2024 - 6:35 am

You must login to post comments

Answers (3)

Hi Tim,

JFYI we have updated our documentation covering HttpOnly cookies

https://docs.wisej.com/docs/concepts/security#httponly-cookies

Best regards
Frank

Frank (ITG) answered Jan 2, 2025 - 1:45 pm

- Weitian Lou
- Jan 2, 2025 - 5:34 pm
Great, thanks!

You must login to post comments

Frank, thanks for the clarification. We have switched to HttpCookie to fully meet the requirement of security.

Happy New Year!

Regards

Tim

Weitian Lou answered Jan 1, 2025 - 5:24 am

You must login to post comments

Hi Tim,

this is not possible with the cookies managed through Wisej.NET because those are set using Javascript.
HttpOnly cookies can only be set/read using an http request/response.

They could be managed using ASP.NET cookies directly though. If you want us to evaluate this approach further please contact our Professional Services at SalesATwisej.com.

Download Wisej.NET datasheet Printable version (pdf)

Ask questions and get help on the Wisej.NET Forum

Explore Wisej.NET online documentation