How exactly do you configure httpOnlyCookies in ASP.NET?

Teller picture Teller · Aug 29, 2008 · Viewed 105.4k times · Source

Inspired by this CodingHorror article, "Protecting Your Cookies: HttpOnly"

How do you set this property? Somewhere in the web config?

Answer

Corey McKinnon picture Corey McKinnon · Aug 29, 2008

If you're using ASP.NET 2.0 or greater, you can turn it on in the Web.config file. In the <system.web> section, add the following line:

<httpCookies httpOnlyCookies="true"/>