Set the HttpOnly property on the cookie when it is created.
This prevents the cookie from being accessible through JavaScript.
Example:
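// Create the cookie and mark it HttpOnly so client-side script cannot read it.
HttpCookie h = new HttpCookie("userinfo");
h.HttpOnly = true;
h.Value = "dd";
h.Expires = DateTime.Now.AddMinutes(3); // expires three minutes from now
Response.Cookies.Add(h);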
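
To check the result on the wire, the console program below scans Set-Cookie header values and reports any cookie sent without the HttpOnly attribute. It is an added example, not code from the original post; the class name, method name and sample header values are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

static class HttpOnlyAudit
{
    // Returns the cookie name if the Set-Cookie value lacks the HttpOnly
    // attribute, or null if the attribute is present.
    static string MissingHttpOnly(string setCookieValue)
    {
        string[] parts = setCookieValue.Split(';');

        // The first segment is always name=value. Only the later segments are
        // attributes, so a cookie that is merely *named* "HttpOnly" is not protected.
        string name = parts[0].Split(new[] { '=' }, 2)[0].Trim();

        // Attribute names are case-insensitive; compare only the part before any '='.
        bool hasFlag = parts.Skip(1).Any(p =>
            p.Split(new[] { '=' }, 2)[0].Trim()
             .Equals("HttpOnly", StringComparison.OrdinalIgnoreCase));

        return hasFlag ? null : name;
    }

    static void Main()
    {
        // Constructed sample Set-Cookie values (not captured from a real site).
        var headers = new List<string>
        {
            "userinfo=dd; expires=Tue, 01 Jan 2030 00:03:00 GMT; path=/; HttpOnly",
            "theme=dark; path=/",
            "sid=abc123; path=/; httponly",
            "HttpOnly=1; path=/"
        };

        foreach (string header in headers)
        {
            string name = MissingHttpOnly(header);
            Console.WriteLine(name == null
                ? "ok       " + header
                : "MISSING  cookie '" + name + "' is accessible through JavaScript: " + header);
        }
    }
}
```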