Tuesday, December 31, 2013

Enforce Secure flag for session cookies in ASP.net



To avoid disclosure of sensitive information in transit from the server to the browser,
many applications use HTTP over SSL (HTTPS).
However, because it may be possible to navigate away from the HTTPS-protected part of the site,
either by someone specifically providing a link to a non-https:// resource or by the application using an absolute reference that mistakenly uses http://,
users may be subject to their communications being "sniffed" between the browser and server.
It is not only the user data posted to the web server that HTTPS needs to protect:
if an attacker were able to see session identifiers passing in plain sight, they could reuse
them and masquerade as another user while the session was active (i.e. the user hadn't logged off).
To prevent this, cookies can be set to be "secure", that is,
they are only to be transmitted when a secure channel is available.

Add the following element to the web.config (section names in web.config are case-sensitive, so it must be lowercase system.web):

<system.web>
  <httpCookies requireSSL="true"/>
</system.web>
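As an added example (not code from the original post), the same rule can be enforced in code as a second line of defence: a Global.asax handler that marks every cookie ASP.NET is about to emit, including the ASP.NET_SessionId cookie, as Secure and HttpOnly, so a page that builds its own cookie without setting the flag is still covered. It assumes a System.Web (Web Forms or MVC) application; the comments and structure are this example's own.

```csharp
// Added example: enforce the Secure and HttpOnly flags on all outgoing cookies.
// Place in Global.asax.cs of a System.Web application (assumption, not the post's code).
using System;
using System.Web;

public class Global : HttpApplication
{
    // EndRequest fires after the page has run and before response headers are sent,
    // so every cookie added during the request is visible here.
    protected void Application_EndRequest(object sender, EventArgs e)
    {
        HttpCookieCollection cookies = Response.Cookies;

        foreach (string name in cookies.AllKeys)
        {
            HttpCookie cookie = cookies[name];
            if (cookie == null)
            {
                continue;
            }

            // Secure: the browser only sends the cookie back over HTTPS, so a
            // stray http:// link cannot cause the session identifier to travel in clear.
            cookie.Secure = true;

            // HttpOnly: the cookie is not readable from client-side script, which
            // limits what an injected script can do with the session identifier.
            cookie.HttpOnly = true;
        }
    }
}
```

This complements rather than replaces the web.config setting: the configuration covers cookies the framework issues, while the handler also catches cookies application code creates later. The site must actually be served over HTTPS for a Secure cookie to be usable at all, which is the point of the post.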

Wednesday, December 11, 2013

Autocomplete to work with Firefox, IE9+ and Chrome in ASP.net C# (AutoCompleteType does not produce the desired results)

The autocomplete feature of the password field needs to be disabled. This was done through the following ASP.net attribute of <asp:TextBox>, but AutoCompleteType does not produce the desired results:

<asp:TextBox ID="passcode" runat="server" size="20" TextMode="Password" AutoCompleteType="Disabled" Wrap="False"></asp:TextBox>

When tested, it did not work with IE9 and Chrome.
The quick fix for this potential security issue is as below.
In the Page_Load event of your .aspx.cs file, add the attribute as follows:

passcode.Attributes.Add("autocomplete", "off");
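The post applies the attribute to one named TextBox. As an added example (not the post's own code), the following generalises that fix: it walks the page's control tree from Page_Load and sets autocomplete="off" on every TextBox whose TextMode is Password, so a password field added later is not forgotten. It assumes a Web Forms page; the class name Login and the helper name DisablePasswordAutocomplete are this example's own.

```csharp
// Added example: disable browser autocomplete on every password TextBox of a page.
// Assumes an ASP.NET Web Forms code-behind; names are this example's own.
using System;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class Login : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Run on every request (not only the first), since the attribute is
        // added to the rendered HTML and is not kept in view state.
        DisablePasswordAutocomplete(this);
    }

    // Recursively visit all controls under 'root' and tag password boxes.
    private static void DisablePasswordAutocomplete(Control root)
    {
        TextBox box = root as TextBox;
        if (box != null && box.TextMode == TextBoxMode.Password)
        {
            // Emits autocomplete="off" on the rendered <input type="password">,
            // which is what the browsers in the post actually honour.
            box.Attributes["autocomplete"] = "off";
        }

        foreach (Control child in root.Controls)
        {
            DisablePasswordAutocomplete(child);
        }
    }
}
```

Using the indexer (Attributes["autocomplete"] = "off") rather than Attributes.Add avoids a duplicate-key problem if the markup already carries the attribute.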