Update Web.config add following configuration:
<system.web>
<httpCookies httpOnlyCookies="true" requireSSL="true" lockItem="true" />
</system.web>
This configuration:
- Ensures that cookies are secure across your site
- Ensures that a client-side script cannot read the cookies
- Prevents any additional configuration from overriding these settings.