Tuesday 25 February 2014

How to disable httpOnlyCookies - asp.net


Scenario

HTTP-only cookies cannot be read by client-side script, so marking a cookie as HTTP-only provides an additional layer of protection against cross-site scripting attacks.

Impact:

During a cross-site scripting attack, an attacker might easily access cookies and hijack the victim's session.

Solution

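You can disable httpOnlyCookies in the web.config file. Open web.config and set the attributes on the httpCookies element, as in the example below. With httpOnlyCookies="false", cookies are readable by client-side script again, so the protection described under Scenario no longer applies: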

<system.web>
  :
  :
  <httpCookies httpOnlyCookies="false" requireSSL="false" domain="" />
  :
  :
</system.web>
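
To check which way a deployed web.config has this element set, the following added example (not part of the original post) parses the file and reports every httpCookies attribute that leaves cookies script-readable or sendable over plain HTTP. The function name and the three sample configs are constructed for illustration; an absent attribute is treated as "false", which is the ASP.NET default for both httpOnlyCookies and requireSSL.

```python
import xml.etree.ElementTree as ET

# ASP.NET's documented defaults when the attribute or element is absent.
DEFAULTS = {"httpOnlyCookies": "false", "requireSSL": "false"}

def audit_http_cookies(web_config_xml):
    """Return (attribute, effective_value, explicitly_set) for each weak setting."""
    root = ET.fromstring(web_config_xml)
    # <system.web> may appear at the top level or inside <location> blocks.
    sections = list(root.iter("system.web"))
    # With no <system.web>/<httpCookies> at all, the defaults still apply.
    elements = [s.find("httpCookies") for s in sections] or [None]
    findings = []
    for element in elements:
        for attr, default in DEFAULTS.items():
            explicit = element is not None and attr in element.attrib
            value = element.get(attr) if explicit else default
            if value.strip().lower() != "true":
                findings.append((attr, value, explicit))
    return findings

# Constructed sample: the setting from this page inside a minimal web.config.
PAGE_CONFIG = """<configuration>
  <system.web>
    <httpCookies httpOnlyCookies="false" requireSSL="false" domain="" />
  </system.web>
</configuration>"""

# Constructed sample: the hardened form of the same element.
HARDENED_CONFIG = """<configuration>
  <system.web>
    <httpCookies httpOnlyCookies="true" requireSSL="true" />
  </system.web>
</configuration>"""

# Constructed sample: no <httpCookies> element, so the defaults are in effect.
IMPLICIT_CONFIG = "<configuration><system.web /></configuration>"

if __name__ == "__main__":
    for name, xml in [("page", PAGE_CONFIG), ("hardened", HARDENED_CONFIG),
                      ("implicit", IMPLICIT_CONFIG)]:
        for attr, value, explicit in audit_http_cookies(xml):
            origin = "set explicitly" if explicit else "default"
            print(f"{name}: {attr}={value} ({origin})")
```
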




Founder of developersnote.com. Loves programming and helping other people. Works as a software developer. Graduated from UiTM and continues to study Software Engineering at UTMSpace.