Setting the HttpOnly Flag – ASP.NET
Method #1
Add the following configuration to your web.config:
    <system.web>
      <httpCookies httpOnlyCookies="true" />
    </system.web>
Method #2
In the code, use the System.Web.HttpCookie.HttpOnly property:
    // Create an HttpOnly cookie.
    HttpCookie theHttpOnlyCookie = new HttpCookie("LastVisit", DateTime.Now.ToString());

    // Setting the HttpOnly value to true hides this cookie from
    // client-side script; it is still sent to ASP.NET on each request.
    theHttpOnlyCookie.HttpOnly = true;

    // Note: this renames the cookie from "LastVisit" to "TheHttpOnlyCookie".
    theHttpOnlyCookie.Name = "TheHttpOnlyCookie";
    Response.AppendCookie(theHttpOnlyCookie);

    // Show the name of the HttpOnly cookie.
    Response.Write(theHttpOnlyCookie.Name);
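To confirm that either method took effect, inspect the Set-Cookie headers the application actually returns. The following is an added example, not part of the original page: a small C# check that lists the cookies whose header lacks the HttpOnly attribute. The class name, method name and sample headers are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

public static class CookieFlagAudit   // hypothetical helper, not an ASP.NET API
{
    // Returns the names of cookies whose Set-Cookie header has no HttpOnly attribute.
    public static List<string> MissingHttpOnly(IEnumerable<string> setCookieHeaders)
    {
        var missing = new List<string>();
        foreach (string header in setCookieHeaders)
        {
            if (string.IsNullOrWhiteSpace(header)) continue;

            // First segment is name=value; the remaining segments are attributes.
            string[] parts = header.Split(';');
            string nameValue = parts[0];
            int eq = nameValue.IndexOf('=');
            string name = (eq >= 0 ? nameValue.Substring(0, eq) : nameValue).Trim();

            // Match HttpOnly as a whole attribute, case-insensitively. A plain
            // substring search would be fooled by a cookie whose value merely
            // contains the text "HttpOnly".
            bool httpOnly = parts.Skip(1).Any(p =>
                p.Trim().Equals("HttpOnly", StringComparison.OrdinalIgnoreCase));

            if (!httpOnly) missing.Add(name);
        }
        return missing;
    }

    public static void Main()
    {
        // Constructed sample headers, as they might appear in a captured response.
        var headers = new[]
        {
            "ASP.NET_SessionId=abc123; path=/; HttpOnly",
            "TheHttpOnlyCookie=1/1/2024 10:00:00 AM; path=/; httponly",
            "Theme=dark; path=/",
            "Note=HttpOnly; path=/"
        };

        // Reports Theme and Note: neither carries the attribute.
        foreach (string name in MissingHttpOnly(headers))
            Console.WriteLine("Missing HttpOnly: " + name);
    }
}
```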