I'm not really sure if this should fall under the IIS.net forum, but i had a similar issue where i needed to update the Metabase.xml so it might be a similar fix.
Basically, this is the final thing that's been flagged in a vulnerability scan and needs fixing ASAP, so any help is hugely appreciated.
I need to know how to set HTTPONLY on the ASPSESSION cookie created by default from ASP & IIS. This is the cookie is automatically created by the server for all asp pages. The issue i had before was to do with setting the cookie as secure because this is running
through https.
If needed i can set HTTPONLY on all cookie across the site.
Any help on how to do this would be massively appreciated.
3 Posts
Setting HTTPONLY for CLASSIC ASP Session Cookie - URGENT HELP NEEDED PLEASE!!!
Jun 07, 2010 06:00 PM|Shafii|LINK
I'm not really sure if this should fall under the IIS.net forum, but i had a similar issue where i needed to update the Metabase.xml so it might be a similar fix.
Basically, this is the final thing that's been flagged in a vulnerability scan and needs fixing ASAP, so any help is hugely appreciated.
I need to know how to set HTTPONLY on the ASPSESSION cookie created by default from ASP & IIS. This is the cookie is automatically created by the server for all asp pages. The issue i had before was to do with setting the cookie as secure because this is running through https.
If needed i can set HTTPONLY on all cookie across the site.
Any help on how to do this would be massively appreciated.
Thanks a lot,
Elliott
HTTPONLY for CLASSIC ASP Session Cookie