HttpOnly Cookies

by dee 15. January 2008 02:04

HttpOnly cookies are a Microsoft extension to the cookie standard. The idea is that cookies marked as httpOnly cannot be accessed from JavaScript. This was implemented to stop cookie stealing through XSS vulnerabilities. Contrary to what many people believe, this is not a way to stop XSS vulnerabilities, but a way to stop one of the attacks (cookie stealing) that XSS makes possible.

ASP.NET uses that feature by default, so cookies marked as httpOnly (for example "ASP.NET_SessionId") cannot be accessed from JavaScript in Internet Explorer. To turn it off, add the following setting to the web.config file:

<system.web>
    <httpCookies httpOnlyCookies="false" />
</system.web>
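To make the behaviour concrete, here is an added JavaScript example (not code from the original post) that parses Set-Cookie headers, shows which cookies a page script could read through document.cookie, and flags session-bearing cookies that lack the HttpOnly attribute. The header values and the cookie names other than ASP.NET_SessionId are constructed for illustration; the code runs in Node.js without a browser.

```javascript
// Added example (not from the original post): parse Set-Cookie headers and
// report which cookies a page script could read, i.e. those without HttpOnly.
// The sample headers below are constructed for illustration.

// Parse one Set-Cookie header value into a small cookie object.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const eq = parts[0].indexOf('=');
  const cookie = {
    name: eq === -1 ? parts[0] : parts[0].slice(0, eq),
    value: eq === -1 ? '' : parts[0].slice(eq + 1),
    httpOnly: false,
    secure: false,
    attributes: {},
  };
  for (const attr of parts.slice(1)) {
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    const val = i === -1 ? true : attr.slice(i + 1);
    if (key === 'httponly') cookie.httpOnly = true;
    else if (key === 'secure') cookie.secure = true;
    else cookie.attributes[key] = val;
  }
  return cookie;
}

// Model what document.cookie would return for this set of cookies:
// HttpOnly cookies are omitted, everything else is visible to script.
function scriptVisibleCookieString(cookies) {
  return cookies
    .filter((c) => !c.httpOnly)
    .map((c) => `${c.name}=${c.value}`)
    .join('; ');
}

// Defender check: session- or auth-bearing cookies (matched by name) that
// are missing HttpOnly and would therefore be readable by injected script.
function findExposedSessionCookies(cookies, pattern = /session|auth|token/i) {
  return cookies
    .filter((c) => pattern.test(c.name) && !c.httpOnly)
    .map((c) => c.name);
}

// Constructed sample headers; "theme" and "AuthToken" are hypothetical names.
const SAMPLE_SET_COOKIE_HEADERS = [
  'ASP.NET_SessionId=constructedsessionid123; path=/; HttpOnly',
  'theme=dark; path=/; Max-Age=31536000',
  'AuthToken=constructedtokenvalue; path=/; Secure',
];

const sampleCookies = SAMPLE_SET_COOKIE_HEADERS.map(parseSetCookie);

console.log('Visible to document.cookie:', scriptVisibleCookieString(sampleCookies));
console.log('Session cookies missing HttpOnly:', findExposedSessionCookies(sampleCookies));
```

Note that the ASP.NET_SessionId cookie, which carries the HttpOnly attribute, does not appear in the modelled document.cookie string, while the hypothetical AuthToken cookie (Secure but not HttpOnly) is reported as exposed; Secure only restricts transport to HTTPS and does nothing to keep a cookie away from script.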
