What is hijack sessions attacks?
In computer science, session hijacking refers to the exploitation of a valid computer session (sometimes also called a session key) to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim's computer.
With ASP.Net 2.0, Forms Authentication cookie is not available to client side script to prevent XSS. Check this http://msdn.microsoft.com/en-us/netframework/aa497240.aspx
You can also mark all cookies as HttpOnly cookies using the configuration file by adding the following code under the <system.web> configuration section