Set HTTPOnly for Classic ASPSessionIDxxx cookie

Discussion in 'ASP General' started by Andrew, Jan 28, 2010.

  1. Andrew

    Andrew Guest

    Hi,

    A security audit company has advised that we should set the HTTPOnly
    attribute of the autogenerated ASPSessionID cookie in classic ASP.

    Although I can set this for cookies I create I can find no way to set this
    for the autogenerated cookie.

    Could anyone please advise if this is possible and point me in the direction
    of a fix?

    BR

    Andrew
     
    Andrew, Jan 28, 2010
    #1
    1. Advertisements

  2. Andrew

    Bob Barrows Guest

    The answers you received when you posted this question 10 days ago will not
    have changed in that time.
     
    Bob Barrows, Jan 28, 2010
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.