httpOnly does not seem to work for RadPanelBar cookie

2 posts, 0 answers
  1. Shawn Taylor
    Shawn Taylor avatar
    5 posts
    Member since:
    Sep 2009

    Posted 19 Jul 2013 Link to this post

    We have set httpOnly for all cookies in our web.config and we have PersistStateInCookie set to true for our RadPanelBar however the cookie generated by the RadPanelBar does not seem to be httpOnly.  We verified this using FireBug in the FireFox browser.  Is this because the cookie has be accessed by javascript that Telerik is using?
  2. Boyan Dimitrov
    Boyan Dimitrov avatar
    1728 posts

    Posted 24 Jul 2013 Link to this post


    Thank you for contacting Telerik Support.

    Your observations are absolutely correct and the cookie generated by RadPanelBar is not httpOnly and can be accessed on the client side using JavaScript. I would like to clarify that the httpOnly cookies could not be accessed from the JavaScript.

    Hope that this will be helpful.

    Boyan Dimitrov
    If you want to get updates on new releases, tips and tricks and sneak peeks at our product labs directly from the developers working on the RadControls for ASP.NET AJAX, subscribe to the blog feed now.
  3. DevCraft R3 2016 release webinar banner
Back to Top