#  Thursday, 24 February 2005

In the article The 80/20 Rule for Web Application Security, one of the solutions proposed for protecting sensitive cookies is adding the httpOnly flag. This attribute prevents cookies from being read by client-side script, thus mitigating the risk of cookie theft through cross-site scripting.

All you have to do in ASP.NET 2.0 to take advantage of this security feature is to add the httpCookies element with the httpOnlyCookies attribute set to true to web.config:

<?xml version="1.0" encoding="utf-8"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
    <system.web>
        <httpCookies httpOnlyCookies="true"/>
    </system.web>
</configuration>

That's it - but you are still free to override this on a per-cookie basis.
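To confirm which cookies actually carry the flag once the setting is on, and which were overridden in code (in ASP.NET via the HttpCookie.HttpOnly property), the Set-Cookie response headers can be audited. The following is an added example, not code from the original post; the header values and the helper names `parse_set_cookie` and `cookies_without_httponly` are constructed for illustration.

```python
# Constructed sample: Set-Cookie values as an ASP.NET 2.0 app might emit them
# with httpOnlyCookies="true" and two cookies overridden per cookie in code.
SAMPLE_SET_COOKIE = [
    "ASP.NET_SessionId=abc123; path=/; HttpOnly",
    ".ASPXAUTH=0123456789ABCDEF; path=/; httponly",   # attribute names are case-insensitive
    "theme=httponly-dark; path=/",                    # the word appears in the value only
    "lang=en; expires=Fri, 24-Feb-2006 06:01:40 GMT; path=/",
]

def parse_set_cookie(header):
    """Split one Set-Cookie value into (cookie name, {lowercased attribute: value})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, _value = parts[0].partition("=")   # first segment is name=value
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue                            # tolerate a trailing ';'
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs

def cookies_without_httponly(headers, sensitive=()):
    """Return [(name, is_sensitive)] for every cookie set without HttpOnly.

    Only a real attribute counts; a cookie value that merely contains the
    text "httponly" does not.
    """
    findings = []
    for header in headers:
        name, attrs = parse_set_cookie(header)
        if "httponly" not in attrs:
            findings.append((name, name in sensitive))
    return findings

if __name__ == "__main__":
    # Assumption: these two names are the cookies treated as sensitive here.
    sensitive = {"ASP.NET_SessionId", ".ASPXAUTH"}
    for name, is_sensitive in cookies_without_httponly(SAMPLE_SET_COOKIE, sensitive):
        level = "SENSITIVE, readable by script" if is_sensitive else "readable by script"
        print(f"{name}: {level}")
```

A cookie reported here with the sensitive marker is one where a per-cookie override has undone the web.config default.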

Categories: 2 Ohhhh | ASP.NET | Security
Thursday, 24 February 2005 06:01:40 (W. Europe Standard Time, UTC+01:00)

 



© Copyright 2017 Christoph Wille
