Attributes used when creating cookies to specify additional cookie characteristics such as Secure or Encoded.
Namespace:
NetQuarry.Net
Assembly:
EAP.Core (in EAP.Core.dll) Version: 2.0.0.0 (4.6.8.0)
Syntax
[FlagsAttribute]
public enum CookieAttrs
<FlagsAttribute>
Public Enumeration CookieAttrs
Members
| Member name | Value | Description |
|---|---|---|
| Encoded | 1 | See http://stackoverflow.com/questions/1969232/allowed-characters-in-cookies for a discussion of problematic cookie values that require encoding. When a cookie is created with this option, the value is encoded using the .NET HttpUtility.UrlEncode() method, which is at least approximately equivalent to the JavaScript encodeURIComponent() method. |
| Secure | 2 | The cookie should be created as a Secure cookie. A Secure cookie can only be transmitted over an encrypted connection (i.e. HTTPS). It cannot be transmitted over unencrypted connections (i.e. HTTP). This makes the cookie less likely to be exposed to cookie theft via eavesdropping. A cookie is made secure by adding the Secure flag to the cookie. |
| HttpOnly | 4 | The cookie should be created as an HttpOnly cookie. An HttpOnly cookie cannot be accessed by client-side APIs, such as JavaScript. This restriction eliminates the threat of cookie theft via cross-site scripting (XSS). However, the cookie remains vulnerable to cross-site tracing (XST) and cross-site request forgery (XSRF) attacks. A cookie is given this characteristic by adding the HttpOnly flag to the cookie. |
| SameSiteStrict | 8 | The cookie should be created as a SameSite cookie with the Strict policy (the default for SameSite cookies). Google Chrome 51 recently introduced a new kind of cookie which can only be sent in requests originating from the same origin as the target domain. This restriction mitigates attacks such as cross-site request forgery (XSRF). A cookie is given this characteristic by setting the SameSite flag to Strict. Use SameSiteLax to set the Lax policy. Note that neither SameSiteStrict nor SameSiteLax is supported at this time (due to lack of support in .NET). |
| SameSiteLax | 16 | The cookie should be created as a SameSite cookie with the Lax policy (the default for SameSite cookies is Strict). Google Chrome 51 recently introduced a new kind of cookie which can only be sent in requests originating from the same origin as the target domain. This restriction mitigates attacks such as cross-site request forgery (XSRF). A cookie is given this characteristic by setting the SameSite flag to Lax. Use SameSiteStrict to set the Strict policy. Note that neither SameSiteStrict nor SameSiteLax is supported at this time (due to lack of support in .NET). |
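
The following added example (not NetQuarry code) shows what each flag corresponds to in the Set-Cookie response header. It redeclares the enum locally with the values from the table; `SetCookieDemo` and `BuildSetCookie` are hypothetical names, and writing the SameSite attribute directly into the header text is an assumption of this sketch, not a description of how the library behaves.

```csharp
using System;
using System.Collections.Generic;
using System.Web; // HttpUtility.UrlEncode

// Local copy of the enum, using the values listed in the table above.
[Flags]
public enum CookieAttrs
{
    Encoded = 1, Secure = 2, HttpOnly = 4, SameSiteStrict = 8, SameSiteLax = 16
}

public static class SetCookieDemo
{
    // Hypothetical helper: renders the Set-Cookie header value for a flag combination.
    public static string BuildSetCookie(string name, string value, CookieAttrs attrs)
    {
        // The two SameSite policies cannot both apply to one cookie.
        const CookieAttrs both = CookieAttrs.SameSiteStrict | CookieAttrs.SameSiteLax;
        if ((attrs & both) == both)
            throw new ArgumentException("SameSiteStrict and SameSiteLax are mutually exclusive.");

        if (attrs.HasFlag(CookieAttrs.Encoded))
            value = HttpUtility.UrlEncode(value);
        else if (value.IndexOfAny(new[] { ';', ',', ' ', '"', '\\', '\r', '\n' }) >= 0)
            // Refuse raw values that would break or extend the header.
            throw new ArgumentException("Value contains characters that require the Encoded flag.");

        var parts = new List<string> { name + "=" + value };
        if (attrs.HasFlag(CookieAttrs.Secure)) parts.Add("Secure");
        if (attrs.HasFlag(CookieAttrs.HttpOnly)) parts.Add("HttpOnly");
        if (attrs.HasFlag(CookieAttrs.SameSiteStrict)) parts.Add("SameSite=Strict");
        if (attrs.HasFlag(CookieAttrs.SameSiteLax)) parts.Add("SameSite=Lax");
        return string.Join("; ", parts);
    }

    public static void Main()
    {
        // Constructed sample values: a session-style cookie with every protection set.
        var attrs = CookieAttrs.Encoded | CookieAttrs.Secure
                  | CookieAttrs.HttpOnly | CookieAttrs.SameSiteLax;
        Console.WriteLine("Set-Cookie: " + BuildSetCookie("session", "a b;c", attrs));

        // No flags: the value passes through as-is and no protective attribute is emitted.
        Console.WriteLine("Set-Cookie: " + BuildSetCookie("theme", "dark", 0));
    }
}
```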