<July 2010>
SunMonTueWedThuFriSat
27282930123
45678910
11121314151617
18192021222324
25262728293031
1234567

On this page...
Search
Links
Member of...

ASP Insiders

MVP Visual Developer ASP/ASP.NET

Enter CodeZone

Blog Categories
Microsoft
Blogroll
Deutsche Resourcen
Management
Sign In
 

#  Thursday, February 24, 2005
HttpOnly Cookies with ASP.NET 2.0

In the article The 80/20 Rule for Web Application Security, there is one security solution proposed to protect sensitive cookies: adding the httpOnly flag. This attribute prevents cookies from being accessed through client-side script, thus mitigating the risk of cross-site scripting.

All you have to do in ASP.NET 2.0 to take advantage of this security feature is to add the httpCookies element with the httpOnlyCookies attribute set to true to web.config:

<?xml version="1.0" encoding="utf-8"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
    <system.web>
        <httpCookies httpOnlyCookies="true"/>
    </system.web>
</configuration>

That's it - but you are still free to override this on a per-cookie basis.

Categories: 2 Ohhhh | ASP.NET | Security
Thursday, February 24, 2005 6:01:40 AM (W. Europe Standard Time, UTC+01:00)  #    Comments [0]

 



© Copyright 2010 Christoph Wille

newtelligence dasBlog 2.3.9074.18820
Subscribe to this weblog's RSS feed with SharpReader, Radio Userland, NewsGator or any other aggregator listening on port 5335 by clicking this button.   RSS 2.0|Atom 1.0  Send mail to the author(s)

  
Don't contact us via this (fleischfalle@alphasierrapapa.com) email address.