By design, when attempting to store XML data in a cookie, the .Net Framework will raise the a HttpRequestValidationException because request validation is enabled according to Microsoft. This is a good security mechanism to help avoid script submissions via HTTP. Rather than turning off validation, one way to eliminate problem is to use HttpUtility.UrlEncode and HttpUtility.UrlDecode to replace suspicious characters with acceptable characters. For example, to store an XML string to a cookie, one could use the following code:
HttpContext.Current.Response.Cookies.Set(New HttpCookie("Books", HttpUtility.UrlEncode(XMLstring)))