aspxtreme
Home   Getting Started   Web Forms   Web Applications   ADO.NET   ASP/ADO   Back to Basics
 The #1 ASP/ASP.NET Developer Community   Home

<httpCookies> Section

ASP.NET Syntax   ASP.NET Configuration Sections

Configures properties for cookies used by a Web application. 

<httpCookies
   domain = "String"
   httpOnlyCookies = "true | false"
   requireSSL = "true | false"
/>

Attributes and Elements

The following sections describe attributes, child elements, and parent elements.

Attributes


Attribute Description
domain Optional String attribute.

Sets the cookie domain name.

httpOnlyCookies Optional Boolean attribute.

Enables output of the HttpOnlyCookies cookie in Internet Explorer 6 SP1.

Default value is false.

requireSSL Optional Boolean attribute.

Sets a value indicating whether Secure Sockets Layer ( SSL ) communication is required.

Default value is false.

NOTE: This setting is overridden by any other feature that exposes the requireSSL configuration ( for example, the <authentication> forms element ).


Child Elements

None.

Parent Elements


Element Description
configuration The required root element in every configuration file used by the common language runtime and .NET Framework applications.
system.web Specifies the root element for the ASP.NET configuration settings in a configuration file. Contains configuration elements that configure ASP.NET Web applications and control how the applications behave.

Remarks

Internet Explorer added support in Internet Explorer 6 SP1 for a cookie property called HttpOnlyCookies that can help mitigate cross-site scripting threats that result in stolen cookies. When a cookie that has HttpOnlyCookies set to true is received by a compliant browser, it is inaccessible to client-side script. For more information on possible attacks and how this cookie property can help mitigate them, please see Mitigating Cross-Site Scripting with HTTP-Only Cookies.

Default Configuration

The following default httpCookies element is not explicitly configured in the machine configuration file or in the root Web.config file, but is the default configuration returned by an application in the .NET Framework version 2.0. 

<httpCookies
   httpOnlyCookies = "false"
   requireSSL = "false"
   domain = "" />

Example

The following example configures cookies for an ASP.NET application. 

<httpCookies
   httpOnlyCookies = "false"
   requireSSL = "false" />
See Also

ASP.NET Configuration   HttpCookiesSection Class



Books and more ...


Suggested Reading

Need a break ?


Previous page Back to top Next page

Check out related books at Amazon

© 2000-2008 Rey Nuñez All rights reserved.

If you have any question, comment or suggestion
about this site, please send us a note

You can help support aspxtreme