设置cookie为HttpOnly

对于 .NET 2.0 应用可以在web.config中启用 HttpOnly <httpCookies httpOnlyCookies="true">