Set HTTPOnly for Classic ASPSessionIDxxx cookie

Discussion in 'ASP General' started by Andrew, Jan 28, 2010.

  1. Andrew

    Andrew Guest


    A security audit company has advised that we should set the HTTPOnly
    attribute of the autogenerated ASPSessionID cookie in classic ASP.

    Although I can set this for cookies I create I can find no way to set this
    for the autogenerated cookie.

    Could anyone please advise if this is possible and point me in the direction
    of a fix?


    Andrew, Jan 28, 2010
    1. Advertisements

  2. Andrew

    Bob Barrows Guest

    The answers you received when you posted this question 10 days ago will not
    have changed in that time.
    Bob Barrows, Jan 28, 2010
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.