Preventing cookie stealing

You can tag your cookies with the HttpOnly attribute. A cookie that carries this attribute is still sent to the server with each request, but the browser does not expose it to client-side code, so a script running in the page cannot read it.

HttpOnly cookies make it harder for the bulk of XSS attacks to succeed.

The HttpOnly attribute can be set in web.config, as in the following snippet:

<httpCookies domain="String" httpOnlyCookies="true" requireSSL="true" />

The attribute could also be set individually for each cookie, like this:

// Indexing Response.Cookies by name creates the cookie if it does not exist yet
Response.Cookies["CookieExample"].Value = "Value to be remembered";
Response.Cookies["CookieExample"].HttpOnly = true;

The "CookieExample" string is meant to contain a name of your choice that you assign to your cookie as a developer. Both Value and HttpOnly are attributes or properties for your named cookie that you can assign values to, as seen in the preceding example.
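
The following is an added example, not code from the original page. It goes one step beyond the two approaches above and applies the flag to every outgoing cookie at the end of each request, however the cookie was created. The class name CookieHardeningModule is hypothetical, and the module has to be registered in web.config before it runs.

```csharp
using System;
using System.Web;

// Hypothetical module name; register it under <system.webServer><modules>
// in web.config so that ASP.NET loads it for every request.
public class CookieHardeningModule : IHttpModule
{
    public void Init(HttpApplication application)
    {
        // EndRequest fires after page code has added its cookies to the response.
        application.EndRequest += OnEndRequest;
    }

    private static void OnEndRequest(object sender, EventArgs e)
    {
        HttpContext context = ((HttpApplication)sender).Context;
        HttpCookieCollection cookies = context.Response.Cookies;

        // Walk the collection by position rather than by name, so that
        // two cookies sharing a name are both covered.
        for (int i = 0; i < cookies.Count; i++)
        {
            HttpCookie cookie = cookies[i];

            // Keep the cookie out of reach of client-side script.
            cookie.HttpOnly = true;

            // Counterpart of requireSSL="true": only send the cookie over HTTPS.
            // Applied only when this request itself arrived over HTTPS.
            if (context.Request.IsSecureConnection)
            {
                cookie.Secure = true;
            }
        }
    }

    public void Dispose()
    {
        // Nothing to release.
    }
}
```

If TLS is terminated in front of the application server, IsSecureConnection reports false and the Secure branch is skipped, so adjust that condition to match your deployment.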
