How exactly do you configure httpOnlyCookies in ASP.NET?

Question

Inspired by this CodingHorror article, \"Protecting Your Cookies: HttpOnly\"

How do you set this property? Somewhere in the web config?

Answer 1

If you're using ASP.NET 2.0 or greater, you can turn it on in the Web.config file. In the section, add the following line: