Inspired by this CodingHorror article, "Protecting Your Cookies: HttpOnly"
How do you set this property? Somewhere in the web config?
If you're using ASP.NET 2.0 or greater, you can turn it on in the Web.config file. In the <system.web> section, add the following line:
<httpCookies httpOnlyCookies="true"/>