Setting HTTPONLY for CLASSIC ASP Session Cookie - URGENT HELP NEEDED PLEASE!!!

Posted by E.Shafii on Stack Overflow See other posts from Stack Overflow or by E.Shafii
Published on 2010-06-07T15:14:04Z Indexed on 2010/06/07 21:52 UTC
Read the original article Hit count: 707

Hello all,

Does anyone know exactly how to set HTTPONLY on classic ASP session cookies?

This is the final thing that's been flagged in a vulnerability scan and needs fixing ASAP, so any help is appreciated.

~~~A LITTLE MORE INFORMATION ON MY PROBLEM~~~

Can anyone please help me with this?

I need to know how to set HTTPONLY on the ASPSESSION cookie created by default from ASP & IIS.

This is the cookie automatically created by the server for all asp pages.

If needed i can set HTTPONLY on all cookie across the site.

Any help on how to do this would be massively appreciated.

Thanks

Thanks Elliott

© Stack Overflow or respective owner

Related posts about asp-classic

Related posts about httponly