HttpOnly Cookies with ASP.NET 2.0
Christop Wille mentions that “…In the article The 80/20 Rule for Web Application Security, there is one security solution proposed to protect sensitive cookies: adding the httpOnly flag. This attribute prevents cookies from being accessed through client-side script, thus mitigating the risk of cross-site scripting.”
Write a comment