httpOnly does not seem to work for RadPanelBar cookie

2 posts, 0 answers
  1. Shawn Taylor
    Shawn Taylor avatar
    5 posts
    Member since:
    Sep 2009

    Posted 19 Jul 2013 Link to this post

    We have set httpOnly for all cookies in our web.config and we have PersistStateInCookie set to true for our RadPanelBar however the cookie generated by the RadPanelBar does not seem to be httpOnly.  We verified this using FireBug in the FireFox browser.  Is this because the cookie has be accessed by javascript that Telerik is using?
  2. Boyan Dimitrov
    Admin
    Boyan Dimitrov avatar
    1746 posts

    Posted 24 Jul 2013 Link to this post

    Hello,

    Thank you for contacting Telerik Support.

    Your observations are absolutely correct and the cookie generated by RadPanelBar is not httpOnly and can be accessed on the client side using JavaScript. I would like to clarify that the httpOnly cookies could not be accessed from the JavaScript.

    Hope that this will be helpful.

    Regards,
    Boyan Dimitrov
    Telerik
    If you want to get updates on new releases, tips and tricks and sneak peeks at our product labs directly from the developers working on the RadControls for ASP.NET AJAX, subscribe to the blog feed now.
  3. UI for ASP.NET Ajax is Ready for VS 2017
Back to Top