--- layout: post status: publish published: true title: HttpOnly cookies in .NET 2.0 wordpress_id: 266 wordpress_url: http://pro.grammatic.org/post-httponly-cookies-in-net-20-34.aspx date: !binary |- MjAwNy0wNi0yNiAxNzoyNDozMSArMDIwMA== date_gmt: !binary |- MjAwNy0wNi0yNiAxNzoyNDozMSArMDIwMA== categories: - Technology - .NET tags: - .NET comments: [] ---

This is a well known trick that I just wanted to share as it is so crucial in preventing effective XSS attacks in Internet Explorer (and hopefully soon FireFox).

Anyway, the method is simple, whack this under the <system.web> section of your web.config file:

{% highlight xml %} {% endhighlight %}

Tada!