Thursday, November 12, 2009

Cookies safety

Cookies can be accessed from client-side script using document.cookie, and the information in them can be tampered with this way. To prevent this kind of misuse, Microsoft came up with a solution.

Adding the following tag to the web.config file disables this client-side access.

<httpCookies domain="String" httpOnlyCookies="true" requireSSL="false" />

This limits attackers' ability to gain access to this sensitive information through Cross-Site Scripting (XSS) attacks.
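One way to check a web.config for this setting, as an added example that is not part of the original post: the function name, the sample files and the finding texts are constructed for illustration, and the defaults assumed are ASP.NET's (both attributes false when absent). It also reports requireSSL, which the tag above leaves at false.

```python
import xml.etree.ElementTree as ET

# ASP.NET defaults (assumed here) when an attribute or the whole element is absent.
DEFAULTS = {"httpOnlyCookies": "false", "requireSSL": "false"}

def audit_http_cookies(web_config_xml):
    """Return a list of findings for every <httpCookies> element in a web.config."""
    root = ET.fromstring(web_config_xml)
    # Compare local names so a <configuration xmlns="..."> file is handled too.
    nodes = [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == "httpCookies"]
    if not nodes:
        nodes = [ET.Element("httpCookies")]  # element missing: defaults apply
    findings = []
    for node in nodes:
        eff = {k: node.get(k, d).strip().lower() for k, d in DEFAULTS.items()}
        if eff["httpOnlyCookies"] != "true":
            findings.append("httpOnlyCookies is not true: cookies are not "
                            "marked HttpOnly, so script can read them")
        if eff["requireSSL"] != "true":
            findings.append("requireSSL is not true: cookies are not marked "
                            "Secure and can be sent over plain HTTP")
    return findings

# Constructed sample files. POST_SETTING wraps the tag shown in the post.
MISSING = "<configuration><system.web /></configuration>"
POST_SETTING = """<configuration><system.web>
  <httpCookies domain="String" httpOnlyCookies="true" requireSSL="false" />
</system.web></configuration>"""
HARDENED = """<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
  <system.web>
    <httpCookies httpOnlyCookies="true" requireSSL="true" />
  </system.web>
</configuration>"""

if __name__ == "__main__":
    for name, xml in [("missing", MISSING), ("post", POST_SETTING),
                      ("hardened", HARDENED)]:
        print(name, audit_http_cookies(xml) or "ok")
```

The check covers only the site-wide configuration; a cookie created in code can still set its own HttpOnly and Secure properties.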
