View Complete Thread
  • Re: Setting HTTPONLY for CLASSIC ASP Session Cookie - URGENT HELP NEEDED PLEASE!!!

    Oct 30, 2013 03:03 AM|tskol777|LINK

    Hello!

    I have a problem with URL rewrite module and the rule :

    <rewrite>
    <outboundRules>
    <rule name="Add HttpOnly" preCondition="No HttpOnly" patternSyntax="Wildcard">
    <match serverVariable="RESPONSE_Set_Cookie" pattern="ASPSESSIONID*" negate="false"/>
    <action type="Rewrite" value="{R:0}; HttpOnly"/>
    <conditions/>
    </rule>
    <preConditions>
    <preCondition name="No HttpOnly">
    <add input="{RESPONSE_Set_Cookie}" pattern="."/>
    <add input="{RESPONSE_Set_Cookie}" pattern="; HttpOnly" negate="true"/>
    </preCondition>
    </preConditions>
    </outboundRules>
    </rewrite>

    It's working, but from time to time web pages start to display strange symbols, see example below.

    It's not all time but occupationally. After IIS restart all working again for a short time and the problem appear again later.

    Could someone help me please?

    HTTPONLY for CLASSIC ASP Session Cookie