Cookie Stealing:

Most sites use cookies to store user information after login. The application uses these cookies to authenticate the user between requests. If attackers can steal the cookies, then you are gone!!

There are two types of cookies:

Session cookies – these are stored in browser memory and are transmitted in the headers with every request.

Persistent cookies – these are stored in actual text files on your computer's hard drive and are transmitted in the headers with every request.

Solution:

Attackers generally use scripts to access the cookies. This can be avoided by adding the “HttpOnly” flag in the web.config file, which stops client-side script from reading the cookies.

    
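    <system.web>
      <!-- httpOnlyCookies="true" adds the HttpOnly flag to every cookie the application issues. -->
      <!-- requireSSL="false" leaves the Secure flag off; use "true" on HTTPS-only sites. -->
      <httpCookies httpOnlyCookies="true" requireSSL="false" />
    </system.web>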
    
    

It can also be set on the individual cookies you write:

    
    // Write to Response.Cookies: changes made to Request.Cookies are never sent to the browser.
    Response.Cookies["MyCookies"].Value = "userName:XXX";
    Response.Cookies["MyCookies"].HttpOnly = true;
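
To confirm the flag is actually reaching the browser, check the Set-Cookie headers the application returns. The Python script below is an added example, not code from the original post: the header values are constructed samples, and the function and class names are illustrative. It also classifies each cookie as session or persistent, as described above.

```python
from dataclasses import dataclass

# Constructed sample Set-Cookie header values (not captured from a real site).
SAMPLE_HEADERS = [
    "ASP.NET_SessionId=abc123; path=/; HttpOnly",
    "MyCookies=userName:XXX; expires=Wed, 01 Jan 2031 00:00:00 GMT; path=/",
    "Theme=dark; Max-Age=86400; path=/; Secure; HttpOnly",
]

@dataclass
class CookieReport:
    name: str
    persistent: bool  # has Expires or Max-Age, so the browser keeps it on disk
    http_only: bool   # hidden from client-side script
    secure: bool      # only sent over HTTPS

def parse_set_cookie(header: str) -> CookieReport:
    """Parse one Set-Cookie header value into the flags relevant to cookie theft."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Attribute names are case-insensitive; values (dates, paths) are not needed here.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return CookieReport(
        name=name,
        persistent=bool(attrs & {"expires", "max-age"}),
        http_only="httponly" in attrs,
        secure="secure" in attrs,
    )

def audit(headers):
    """Return (cookie name, kind, issue) for every missing protective flag."""
    findings = []
    for header in headers:
        cookie = parse_set_cookie(header)
        kind = "persistent" if cookie.persistent else "session"
        if not cookie.http_only:
            findings.append((cookie.name, kind, "missing HttpOnly: readable by script"))
        if not cookie.secure:
            findings.append((cookie.name, kind, "missing Secure: sent over plain HTTP"))
    return findings

if __name__ == "__main__":
    for name, kind, issue in audit(SAMPLE_HEADERS):
        print(f"{name} ({kind}): {issue}")
```
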