Early Preview
This is currently very much a preview. Please feel free to try things out,
but don't be upset if anything is not yet working. Feedback is welcome over on our
GitHub Dicussions page.
enum Microsoft.AspNetCore.Http.CookieSecurePolicy
Assembly: Microsoft.AspNetCore.Http.Abstractions
Determines how cookie security properties are set.
Values
SameAsRequest
If the URI that provides the cookie is HTTPS, then the cookie will only be returned to the server on
subsequent HTTPS requests. Otherwise if the URI that provides the cookie is HTTP, then the cookie will
be returned to the server on all HTTP and HTTPS requests. This value ensures
HTTPS for all authenticated requests on deployed servers, and also supports HTTP for localhost development
and for servers that do not have HTTPS support.
Always
Secure is always marked true. Use this value when your login page and all subsequent pages
requiring the authenticated identity are HTTPS. Local development will also need to be done with HTTPS urls.
None
Secure is not marked true. Use this value when your login page is HTTPS, but other pages
on the site which are HTTP also require authentication information. This setting is not recommended because
the authentication information provided with an HTTP request may be observed and used by other computers
on your local network or wireless connection.