Is it possible that cookies created by application can only be accessed via server side code only? Is it possible to restrict that client side code can not access any cookie?

 Posted by Virendradugar on 9/21/2009 | Category: ASP.NET Interview questions | Views: 3441


it is possible to enable HttpOnly programmatically on any individual cookie by setting the HttpOnly property of the HttpCookie object to true. However, it is easier and more reliable to configure the application to automatically enable HttpOnly for all cookies. To do this, set the httpOnlyCookies attribute of the
<httpCookies> element to true.


<httpCookies httpOnlyCookies=”true”>

Asked In: Many Interviews | Alert Moderator 

Comments or Responses

Login to post response