HttpOnly is a flag the server sets when sending a cookie; it instructs the browser not to give client-side scripts access to that cookie. Prior to Kentico CMS 6.0, the default value of the HttpOnly flag for all cookies generated by Kentico CMS was false. Since Kentico CMS 6.0, all cookies have the HttpOnly flag set to true for security reasons. As a result, client-side scripts that read a cookie and worked in the previous version may no longer work in Kentico CMS 6.0. If so, you have two options.
You can either use the overloaded version of the CookieHelper.SetValue method that accepts the HttpOnly value as an input parameter and set it to false:
public static void SetValue(
    string name,
    string value,
    string path,
    DateTime expires,
    bool? httpOnly
)
or change the httpOnlyCookies value in the following web.config element to false, so that all cookies are sent with the HttpOnly flag set to false:
<httpCookies httpOnlyCookies="true"/>
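To check the effect of either option, the following added example (not Kentico code) parses Set-Cookie response headers and reports cookies sent without HttpOnly that are not on an allowlist of cookies your scripts are meant to read. The cookie names, header values and function names are constructed for illustration.

```javascript
// Added example: audit Set-Cookie headers for cookies that lack HttpOnly.
// All cookie names and header values here are constructed sample data.

// Parse one Set-Cookie header value into { name, httpOnly }.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim());
  const eq = parts[0].indexOf('=');
  const name = eq === -1 ? parts[0] : parts[0].slice(0, eq);
  // Attribute names are case-insensitive; HttpOnly carries no value.
  const httpOnly = parts
    .slice(1)
    .some((p) => p.split('=')[0].trim().toLowerCase() === 'httponly');
  return { name, httpOnly };
}

// Return the names of script-readable cookies that are not on the allowlist.
function findUnexpectedScriptReadable(setCookieHeaders, allowlist) {
  const allowed = new Set(allowlist);
  return setCookieHeaders
    .map(parseSetCookie)
    .filter((c) => !c.httpOnly && !allowed.has(c.name))
    .map((c) => c.name);
}

// Constructed response for the first option: only one cookie opted out.
const perCookieOptOut = [
  'SampleAuthToken=abc123; path=/; HttpOnly',
  'UiTheme=dark; expires=Wed, 01 Jan 2031 00:00:00 GMT; path=/',
];

// Constructed response for the second option: HttpOnly disabled globally.
const globalOff = [
  'SampleAuthToken=abc123; path=/',
  'UiTheme=dark; expires=Wed, 01 Jan 2031 00:00:00 GMT; path=/',
];

// Cookies the client-side script is intended to read (hypothetical name).
const ALLOWLIST = ['UiTheme'];

console.log(findUnexpectedScriptReadable(perCookieOptOut, ALLOWLIST));
console.log(findUnexpectedScriptReadable(globalOff, ALLOWLIST));
```

An empty result means only the allowlisted cookies are readable by script; any name in the result is a cookie that lost HttpOnly without being intended for client-side use.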
Links to other resources: HttpOnly flag
-ml-