Sunday, July 16, 2006

HttpOnly cookies? I thought cookies were for everyone, especially for applets :)

Another .NET 2.0 breakage which falls in the "not my problem" category. IE 6 SP1 supports a new property for cookies called "HttpOnly". Apparently this was designed to prevent cross-site scripting. So if any cookie is set on the server side as HttpOnly, you cannot access this cookie via JavaScript. Fair enough! It turns out that you can access this cookie in an ActiveX control but not in an applet (in the Sun JVM; it took me a while to figure this out... thanks, Fiddler). And to add a twist, ASP.NET 2.0 by default sets the ASP.NET_SessionId cookie (the cookie that identifies the ASP.NET session) as HttpOnly.

So if your application relies on ASP.NET_SessionId and also uses an applet, and your code used to work on the 1.0 framework, you should revisit it, because there is a good chance that it is broken in .NET 2.0.
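
To see which cookies are affected, here is an added example (not code from the original post) that parses constructed Set-Cookie headers, like the ones a proxy capture shows, and compares what the browser sends to the server with what `document.cookie` exposes. The cookie values and function names are made up for the illustration, and path, domain and Secure matching are ignored.

```javascript
// Constructed sample: Set-Cookie lines as a proxy capture would show them.
const sampleSetCookie = [
  "ASP.NET_SessionId=constructed0session0id; path=/; HttpOnly",
  "theme=dark; path=/",
  "authTicket=constructed-ticket; path=/; Secure; HTTPONLY", // attribute names are case-insensitive
  "; path=/", // malformed: no name=value pair, skipped
];

// Parse one Set-Cookie header value into { name, value, httpOnly, secure, attrs }.
function parseSetCookie(line) {
  const [pair, ...attrs] = line.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) return null; // no cookie name: ignore the header
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), httpOnly: false, secure: false, attrs: {} };
  for (const attr of attrs.filter(Boolean)) {
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    if (key === "httponly") cookie.httpOnly = true;
    else if (key === "secure") cookie.secure = true;
    else cookie.attrs[key] = i === -1 ? "" : attr.slice(i + 1).trim();
  }
  return cookie;
}

const parseAll = (lines) => lines.map(parseSetCookie).filter(Boolean);
const join = (cookies) => cookies.map((c) => `${c.name}=${c.value}`).join("; ");

// What the browser puts in the Cookie request header: every cookie, HttpOnly or not.
function requestCookieHeader(lines) {
  return join(parseAll(lines));
}

// What document.cookie exposes to page script: HttpOnly cookies are withheld.
function scriptVisibleCookies(lines) {
  return join(parseAll(lines).filter((c) => !c.httpOnly));
}

// Names of cookies client-side code cannot read (the ones to check after an upgrade).
function hiddenFromScript(lines) {
  return parseAll(lines).filter((c) => c.httpOnly).map((c) => c.name);
}

console.log("sent to server :", requestCookieHeader(sampleSetCookie));
console.log("document.cookie:", scriptVisibleCookies(sampleSetCookie));
console.log("hidden         :", hiddenFromScript(sampleSetCookie));
```

Any client-side component that depends on a name in the hidden list needs another way to get the session identifier.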


Here are some other blogs which were helpful in troubleshooting my issue:

http://blogs.msdn.com/jorman/archive/2006/03/05/544119.aspx

http://support.microsoft.com/kb/917412

http://msdn.microsoft.com/library/default.asp?url=/workshop/author/dhtml/httponly_cookies.asp
