I've recently had a security audit on my website and was informed I need to apply 'HttpOnly' to my 'auth' cookie.

I have no idea how to change this in the web.config file.

The site is ASP.NET MVC.

I'd appreciate it if someone could point me in the right direction.

kahveci
QBALL777
  • Possible duplicate of [How exactly do you configure httpOnlyCookies in ASP.NET?](https://stackoverflow.com/questions/33529/how-exactly-do-you-configure-httponlycookies-in-asp-net) – trailmax Sep 07 '18 at 15:13

1 Answer

In Web.config

```xml
<httpCookies httpOnlyCookies="true" …>
```

Or via C# code

```csharp
HttpCookie cookie = new HttpCookie("cookieName");
cookie.HttpOnly = true;
Response.AppendCookie(cookie);
```

Akarsh Vijayan
  • Awesome, thank you. I actually tried this previously but I must have made a mistake with the location of the code in the web.config. Works great. Thanks for your help. – QBALL777 Sep 07 '18 at 20:45
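
Where the `httpCookies` element from the answer sits in Web.config, as an added example that is not part of the original answer. The skeleton is an assumption about a typical file; only the `<httpCookies>` line is meant to be merged into the site's existing configuration.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <!-- Added example: skeleton showing placement only; merge the
       <httpCookies> line into the existing <system.web> section. -->
  <system.web>
    <!-- Default for cookies the application creates: HttpOnly is added
         to the Set-Cookie header, so page script cannot read the cookie. -->
    <httpCookies httpOnlyCookies="true" />
  </system.web>

  <system.webServer>
    <!-- IIS settings live here; <httpCookies> does not belong in this section. -->
  </system.webServer>
</configuration>
```

This sets the default only, so code that explicitly assigns `HttpOnly = false` to a cookie still overrides it. To confirm the change, look for `HttpOnly` on the `Set-Cookie` response header for the `auth` cookie in the browser's developer tools.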