A
Andrew
Hi,
We have a classic ASP (not .Net) application that has been audited for
security by a third party company. They recommend that we set the
ASPSESSIONID Cookie, ie the one that is autogenerated for sessions, to use
the HTTPOnly attribute.
I can set this for cookies I explicitly create but cannot find any way in
classic ASP to set this for the automatically generated one.
Could someone please advise if this is possible so I can go back with a
definitive answer?
BR
Andrew
We have a classic ASP (not .Net) application that has been audited for
security by a third party company. They recommend that we set the
ASPSESSIONID Cookie, ie the one that is autogenerated for sessions, to use
the HTTPOnly attribute.
I can set this for cookies I explicitly create but cannot find any way in
classic ASP to set this for the automatically generated one.
Could someone please advise if this is possible so I can go back with a
definitive answer?
BR
Andrew