Answer: Yes.
it is possible to enable HttpOnly programmatically on any individual cookie by setting the HttpOnly property of the HttpCookie object to true. However, it is easier and more reliable to configure the application to automatically enable HttpOnly for all cookies. To do this, set the httpOnlyCookies attribute of the
<httpCookies> element to true.
<configuration>
<system.web>
<httpCookies httpOnlyCookies=”true”>
Asked In: Many Interviews |
Alert Moderator