Teller Teller - 2 months ago 10
ASP.NET (C#) Question

How exactly do you configure httpOnlyCookies in ASP.NET?

Inspired by this CodingHorror article, "Protecting Your Cookies: HttpOnly"

How do you set this property? Somewhere in the web config?

Answer

If you're using ASP.NET 2.0 or greater, you can turn it on in the Web.config file. In the <system.web> section, add the following line:

<httpCookies httpOnlyCookies="true"/>