IIS 5 & IIS 6
ISAPI Filter for Setting Secure and HTTPOnly Flag
Last post Oct 17, 2017 09:14 AM by Yuk Ding
Oct 13, 2017 08:11 AM|Muthukaruppan Devloper|LINK
I want secure my classic ASP Cookies which are Created by IIS(like ASPSESSSIONID).Based on my understanding, I tried blow URL.,
But when I trying to Add ISAPI filter DLL, status showed as "Not Loaded". And my IIS version is 6.
What can be wrong?
Oct 16, 2017 02:50 AM|Yuk Ding|LINK
The ISAPI DLL could show not loaded for several reason. So first of all, please ensure the dll has been complied and used following this link https://blogs.msdn.microsoft.com/david.wang/2005/12/20/howto-compile-and-use-my-isapi-code-samples/.
Just ensure you werer using a x32 dll.
Secondly, you may need to check whether the ACL is affecting the dll. So try to grant permission for IIS_WPG and authenticated user.
Oct 16, 2017 09:59 AM|Muthukaruppan Devloper|LINK
Finally I loaded the DLL and now shows like,
"Http only: Yes" and "Secure:No". But my website is 'https:\\' only.
so I want set secure Flag also 'Yes'.
Oct 17, 2017 09:14 AM|Yuk Ding|LINK
It seems that you need to enable the require ssl for IIS 6 httpcookie. But I didn't find any original IIS configuration for this. It is recommended to update the OS to use IIS7, then http only and require could be easily avaliable.