View Complete Thread
  • Re: Setting HTTPONLY for CLASSIC ASP Session Cookie - URGENT HELP NEEDED PLEASE!!!

    Jun 24, 2014 01:40 PM|nagaozen|LINK

    ASP Xtreme Evolution offers an easy fix for this, just set the Cookie using XCookies singleton. Source code is available as free software: https://github.com/nagaozen/asp-xtreme-evolution/blob/master/lib/axe/base.asp 

    Setting a httponly just needs a:

    > XCookies.setItem "Classic ASP Framework", "ASP Xtreme Evolution", 3600, false, "/", false, true

    HTTPONLY for CLASSIC ASP Session Cookie asp HTTPOnly