Internet Explorer 6.1 ????
In the document about ASP.NET security that Roy have linked, I've found a very interesting row...
- The HttpOnly cookie option is used for defense in depth to help prevent cross-site scripting. (This applies to Internet Explorer 6.1 or later.)
What's happening here? A new version of IE? A typo? Who knows...