Setting the HttpOnly Flag – ASP.NET

Method #1

Add the following configuration to your web.config:

<system.web>
    <httpCookies httpOnlyCookies="true" />
</system.web>

Method #2

In the code, use the System.Web.HttpCookie.HttpOnly property:

// Requires: using System; using System.Web;
// Create an HttpOnly cookie.
HttpCookie theHttpOnlyCookie = new HttpCookie("LastVisit", DateTime.Now.ToString());
// Setting HttpOnly to true hides the cookie from client-side
// script (document.cookie); the browser still sends it to the
// server, so ASP.NET can read it.
theHttpOnlyCookie.HttpOnly = true;
// Rename the cookie; it is sent as TheHttpOnlyCookie, not LastVisit.
theHttpOnlyCookie.Name = "TheHttpOnlyCookie";
Response.AppendCookie(theHttpOnlyCookie);
// Show the name of the HttpOnly cookie.
Response.Write(theHttpOnlyCookie.Name);

References

http://msdn.microsoft.com/en-us/library/ms533046.aspx
