Prev: Web Farm and State Preservation
Next: Detecting hotlinking
From: Andrew on 28 Jan 2010 06:40
Hi,

A security audit company has advised that we should set the HTTPOnly
attribute of the autogenerated ASPSessionID cookie in classic ASP.

Although I can set this for cookies I create I can find no way to set this
for the autogenerated cookie.

Could anyone please advise if this is possible and point me in the direction
of a fix?

BR

Andrew
From: Bob Barrows on 28 Jan 2010 10:28
The answers you received when you posted this question 10 days ago will not
have changed in that time.

Andrew wrote:
> Hi,
>
> A security audit company has advised that we should set the HTTPOnly
> attribute of the autogenerated ASPSessionID cookie in classic ASP.
>
> Although I can set this for cookies I create I can find no way to set
> this for the autogenerated cookie.
>
> Could anyone please advise if this is possible and point me in the
> direction of a fix?
>
> BR
>
> Andrew

--
Microsoft MVP - ASP/ASP.NET - 2004-2007
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"


 | 
Pages: 1
Prev: Web Farm and State Preservation
Next: Detecting hotlinking