Setting HTTPONLY for CLASSIC ASP Session Cookie

Posted by E.Shafii on Stack Overflow See other posts from Stack Overflow or by E.Shafii
Published on 2010-06-07T15:14:04Z Indexed on 2010/06/07 15:22 UTC
Read the original article Hit count: 723

Filed under:

httponly

|

session-cookies

Hello all,

Does anyone know exactly how to set HTTPONLY on classic ASP session cookies?

This is the final thing that's been flagged in a vulnerability scan and needs fixing ASAP, so any help is appreciated.

Thanks Elliott

© Stack Overflow or respective owner

Related posts about httponly

How do HttpOnly cookies work with AJAX requests?

as seen on Stack Overflow - Search for 'Stack Overflow'
JavaScript needs access to cookies if AJAX is used on a site with access restrictions based on cookies. Will HttpOnly cookies work on an AJAX site? Edit: Microsoft created a way to prevent XSS attacks by disallowing JavaScript access to cookies if HttpOnly is specified. FireFox later adopted this… >>> More
Setting HTTPONLY for CLASSIC ASP Session Cookie

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello all, Does anyone know exactly how to set HTTPONLY on classic ASP session cookies? This is the final thing that's been flagged in a vulnerability scan and needs fixing ASAP, so any help is appreciated. Thanks Elliott >>> More
Setting httponly in JSESSIONID cookie (Java EE 5)

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm trying to set the httponly flag on the JSESSIONID cookie. I'm working in Java EE 5, however, and can't use setHttpOnly(). First I tried to create my own JSESSIONID cookie from within the servlet's doPost() by using response.setHeader(). When that didn't work, I tried response.addHeader(). … >>> More
HttpOnly cookies on google app engine java

as seen on Stack Overflow - Search for 'Stack Overflow'
Anyone know how I can use httponly cookies for sessions and cookies on the app engine? In the javadoc for the Cookie class, http://java.sun.com/javaee/6/docs/api/javax/servlet/http/Cookie.html#setHttpOnly(boolean) , there is a setHttpOnly method. I get a compiler error when trying to use it when… >>> More
Setting HTTPONLY for CLASSIC ASP Session Cookie - URGENT HELP NEEDED PLEASE!!!

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello all, Does anyone know exactly how to set HTTPONLY on classic ASP session cookies? This is the final thing that's been flagged in a vulnerability scan and needs fixing ASAP, so any help is appreciated. ~~~A LITTLE MORE INFORMATION ON MY PROBLEM~~~ Can anyone please help me with this? I need… >>> More

Related posts about session-cookies

PHP Session Cookies fail with users changing IP

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello, I have a login script for a small application that works by storing session cookies and checking them on each page to make sure the user is logged in. One of the two users who uses the system keeps getting logged out randomly. This appears to be down to the session cookie that shows then authenticated… >>> More
Session Cookies and IE 8

as seen on Stack Overflow - Search for 'Stack Overflow'
I recently built a simple web-app deployed over Tomcat. The app uses pretty standard session based security where a user who has logged in is given a session. Sessions work fine in Firefox and Chrome, but require the use of jsessionid in the URL for IE (tested 7 & 8), set to medium privacy.… >>> More
How to share session cookies between Internet Explorer and an ActiveX components hosted in a webpage

as seen on Stack Overflow - Search for 'Stack Overflow'
I am currently working on a .Net application which makes HTTP requests to some web applications hosted on a IIS server. The application is deployed through ClickOnce and is working fine on simple networks architectures. One of our customers has a very complex network involving a custom authentication… >>> More
Best way for allowing subdomain session cookies using Tomcat

as seen on Stack Overflow - Search for 'Stack Overflow'
By default tomcat will create a session cookie for the current domain. If you are on www.example.com, your cookie will be created for www.example.com (will only work on www.example.com). Whereas for example.com it will be created for .example.com (desired behaviour, will work on any subdomain of… >>> More
Firefox session cookies

as seen on Stack Overflow - Search for 'Stack Overflow'
Generally speaking, when given a cookie that has no expiration period, modern browsers will consider this cookie to be a 'session cookie', they will remove the cookie at the end of the browsing session (generally when the browser instance closes). IE, Opera, Safari and Chrome all support this behavior… >>> More