How can you prevent a cookie from cross side script attacks?

 Posted by Ddd on 3/15/2011 | Category: ASP.NET Interview questions | Views: 2015 | Points: 40
Answer:

Use HttpOnly property of the cookie when it is created.
It prevents the cookie from being accessible through Javascript.

ex:
HttpCookie h=new HttpCookie("userinfo");
h.HttpOnly=true;
h.Value="dd";
h.Expires=DateTime.Now.AddMinutes(3);
Response.Cookies.Add(h);


| Alert Moderator 

Comments or Responses

Login to post response