From: Andrew on 28 Jan 2010 06:40

Hi,

A security audit company has advised that we should set the HTTPOnly attribute of the autogenerated ASPSessionID cookie in classic ASP.

Although I can set this for cookies I create I can find no way to set this for the autogenerated cookie.

Could anyone please advise if this is possible and point me in the direction of a fix?

BR

Andrew

From: Bob Barrows on 28 Jan 2010 10:28

The answers you received when you posted this question 10 days ago will not have changed in that time.

Andrew wrote:
> Hi,
>
> A security audit company has advised that we should set the HTTPOnly
> attribute of the autogenerated ASPSessionID cookie in classic ASP.
>
> Although I can set this for cookies I create I can find no way to set
> this for the autogenerated cookie.
>
> Could anyone please advise if this is possible and point me in the
> direction of a fix?
>
> BR
>
> Andrew

--
Microsoft MVP - ASP/ASP.NET - 2004-2007
Please reply to the newsgroup. This email account is my spam trap so I don't check it very often. If you must reply off-line, then remove the "NO SPAM"