I want to learn .Net Core so I am using .Net framework 1.0.0 RC1 Update2 using Visual Studio 2015, for my sample project. In that I have created my own cookie for session management, but by .Net framework 1.0.0 RC1 Update2, .AspNet.Session cookie is generated automatically. But I have found in top 10 OWASP that cookies need to be secure. According to this I have made my own generated cookie as secure, but I am not able to do for .AspNet.Session cookie as secure.
I have below two questions in my mind...
Q.1) If I have not make .AspNet.Session cookie as secure will that create threat hole in application?, because I have not used this cookie for session management in my sample project.
Q.2) If yes, How to make .AspNet.Session cookie as secure in .Net framework 1.0.0 RC1 Update2?
Looking for your help.
Thanks in advance.