
#  Thursday, 24 February 2005

In the article The 80/20 Rule for Web Application Security, one of the solutions proposed for protecting sensitive cookies is adding the httpOnly flag. This attribute prevents cookies from being accessed through client-side script, which mitigates the risk of cookie theft through cross-site scripting.

All you have to do in ASP.NET 2.0 to take advantage of this security feature is to add the httpCookies element with the httpOnlyCookies attribute set to true to web.config:

<?xml version="1.0" encoding="utf-8"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
    <system.web>
        <httpCookies httpOnlyCookies="true"/>
    </system.web>
</configuration>

That's it - but you are still free to override this on a per-cookie basis.
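Because individual cookies can override the site-wide default, it is worth checking what actually goes out on the wire. The following is an added example, not code from the original post: a small audit over Set-Cookie response headers that reports cookies sent without HttpOnly. The sample headers, cookie values and the allow-list parameter are constructed for illustration.

```python
# Added example (not from the original post): audit Set-Cookie headers for HttpOnly.

# Constructed sample response headers; names and values are illustrative only.
SAMPLE_HEADERS = [
    "Set-Cookie: ASP.NET_SessionId=abc123; path=/; HttpOnly",
    "Set-Cookie: .ASPXAUTH=0123ABCD; path=/; httponly",
    # A cookie whose code overrode the web.config default (no HttpOnly attribute).
    "Set-Cookie: theme=dark; expires=Fri, 24-Feb-2006 05:01:40 GMT; path=/",
    # "HttpOnly" appearing as the cookie *value* is not the attribute.
    "Set-Cookie: note=HttpOnly; path=/",
    "Content-Type: text/html; charset=utf-8",
]


def parse_set_cookie(line):
    """Return (name, set of lower-cased attribute names), or None for other headers."""
    header, sep, value = line.partition(":")
    if not sep or header.strip().lower() != "set-cookie":
        return None
    parts = value.split(";")
    # The first segment is name=value; every later segment is an attribute.
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
    attrs.discard("")
    return name, attrs


def audit(lines, script_readable_ok=()):
    """List cookies sent without HttpOnly that are not on the allow-list."""
    findings = []
    for line in lines:
        parsed = parse_set_cookie(line)
        if parsed is None:
            continue
        name, attrs = parsed
        # Attribute names are case-insensitive, so compare in lower case.
        if "httponly" not in attrs and name not in script_readable_ok:
            findings.append(name)
    return findings


if __name__ == "__main__":
    # "theme" is a deliberate per-cookie override that script is meant to read.
    for cookie in audit(SAMPLE_HEADERS, script_readable_ok=("theme",)):
        print("cookie readable by client-side script:", cookie)
```

Any cookie the audit reports that is not a deliberate override points to code that switched the flag off for that cookie.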

Categories: 2 Ohhhh | ASP.NET | Security
Thursday, 24 February 2005 06:01:40 (W. Europe Standard Time, UTC+01:00)

 



© Copyright 2017 Christoph Wille
