Click here to Skip to main content
15,886,032 members
Search within:


How to resolve cookie path attribute mapped to root folder in ASP.NET ?
Please Sign up or sign in to vote.
4.00/5 (1 vote)
I am having security issue of the cookie path mapped to root folder or so. I want to set the cookie path attribute to application defined folder in the Configration file.

What I have tried:

<httpCookies requireSSL="true" httpOnlyCookies="true" domain="" />
Posted
Updated 23-Dec-19 18:50pm
Add a Solution

1 solution

To restrict the domain of our cookies, we can use some Web.config settings.
HTML
<configuration>
  <system.web>
    <!-- Prevent access to cookies from other sub-domains -->
    <httpCookies domain="app1.*.com" />
  </system.web>
</configuration>

To restrict the path, we’ll need to add some server-side code. How we handle this is largely dependent on the structure of our application, but the example function below allows us to specify the path from a value in our Web.config when we set a cookie.
C#
private void SetCookie(string Key, string Value) 
{
    Response.Cookies[Key].Value = Value;
    Response.Cookies[Key].Path = _
    ConfigurationManager.AppSettings["UserDefinedCookiePathFilter"];
}

If we use this method to create all of our user-defined cookies, it will then allow us to restrict the path from our web.config like so:
HTML
<configuration>
  <appSettings>
    <add key="UserDefiniedCookiePathFilter"
      value="/VirtualDirectoryToFilter"/>
  </appSettings>
</configuration>

check this for more details
https://headmelted.com/securing-asp-net-cookies-a1e1b1648ed[^]
 
Share this answer
 
Posted
Comments
ranio 26-Dec-19 5:11am    
I tried some options. But what is happening is that i am getting multiple cookie paths.
I just want the second one and remove the default / path
One mapped to root path as /
Another mapped to the virtual directory /test

My code:
Web.Config file
<add key="UserDefiniedCookiePathFilter" value="/DDS_AHB">

Global.asax page
Under Application_PreSendRequestHeaders Event

string CookiePath= ConfigurationManager.AppSettings["UserDefiniedCookiePathFilter"];
Response.AppendHeader("Set-Cookie", "path="+CookiePath);
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
How to resolve cookie path attribute mapped to root folder in ASP.NET
How to set the virtual path in cookies in ASP.NET?
How to set the virtual path in cookies in ASP.NET?
Image on Root Node of Site Map
How to map root path for images and css links on aspx pages?
How to map root path css links on aspx pages?
How map a physical path in asp.net
Update subfolder relative path when root folder path changed (DMS)
how to delete folder from a root folder
Uploading in folder in root

Advertise
Privacy
Cookies
Terms of Use
Last Updated 24 Dec 2019
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web01 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900