Most sites use cookies to store user information after login. The application uses these cookies to authenticate the user between requests. If attackers can steal the cookies, then you are gone!!
There are two types of cookies available:
Session cookies – this type of cookie is stored in the browser's memory and is transmitted via the header during every request
Persistent cookies – this type of cookie is stored in actual text files on your computer's hard drive and is transmitted via the header during every request
Solution:
Attackers generally use scripts to access the cookies. This can be avoided by simply adding the “HttpOnly” flag in the web.config file.
It can also be set on the individual cookies you write.
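To confirm the flag is actually reaching the browser, the response headers can be checked for every cookie the site sets. The script below is an added example, not code from the original post; it classifies each cookie as session or persistent and reports the ones still missing HttpOnly. The header lines, cookie names and values are constructed sample data.

```python
"""Audit Set-Cookie headers for the HttpOnly flag (added example)."""

# Constructed sample response headers; cookie names and values are made up.
SAMPLE_HEADERS = [
    "Set-Cookie: SessionId=abc123; path=/; HttpOnly",
    "Set-Cookie: AuthToken=eyJ0; path=/; secure",
    "Set-Cookie: RememberMe=u42; expires=Wed, 01 Jan 2031 00:00:00 GMT; path=/",
    "Set-Cookie: Prefs=dark; Max-Age=86400; HTTPONLY",
    "Content-Type: text/html",
]


def parse_set_cookie(header_line):
    """Return (name, attrs) for a Set-Cookie line, or None for other headers."""
    field, _, value = header_line.partition(":")
    if field.strip().lower() != "set-cookie":
        return None
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if not parts or "=" not in parts[0]:
        return None
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        # Attribute names are case-insensitive, so normalise them.
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit(header_lines):
    """List each cookie with its type and whether HttpOnly is set."""
    findings = []
    for line in header_lines:
        parsed = parse_set_cookie(line)
        if parsed is None:
            continue
        name, attrs = parsed
        # A cookie with an expiry is persistent; without one it is a session cookie.
        kind = "persistent" if ("expires" in attrs or "max-age" in attrs) else "session"
        findings.append({"name": name, "type": kind, "httponly": "httponly" in attrs})
    return findings


def missing_httponly(header_lines):
    """Names of cookies that scripts in the page can still read."""
    return [f["name"] for f in audit(header_lines) if not f["httponly"]]


if __name__ == "__main__":
    for f in audit(SAMPLE_HEADERS):
        print(f"{f['name']:<12} {f['type']:<10} {'ok' if f['httponly'] else 'MISSING HttpOnly'}")
```
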