Set HTTPOnly for Classic ASPSessionIDxxx cookie

A

Andrew

Hi,

A security audit company has advised that we should set the HTTPOnly
attribute of the autogenerated ASPSessionID cookie in classic ASP.

Although I can set this for cookies I create I can find no way to set this
for the autogenerated cookie.

Could anyone please advise if this is possible and point me in the direction
of a fix?

BR

Andrew
 
B

Bob Barrows

The answers you received when you posted this question 10 days ago will not
have changed in that time.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Classic ASP ASPSessionID cookie HTTPOnly 4
How do I set up IIS to debug classic ASP? 0
How do I set the default content page) on a Classic ASP file? 0
Set cookie in the browser following a Post request 1
cookie expiry - classic asp 0
ASP Classic Session Bug, related to Cookie Expiry 1
IIS 7 and web.config for classic ASP 1
Security of a cookie 3

Members online

No members online now.
Total: 37 (members: 0, guests: 37)
Robots: 201

Forum statistics

Threads
473,755
Messages
2,569,534
Members
45,008
Latest member
Rahul737

Latest Threads

Top