Setting HTTPONLY for CLASSIC ASP Session Cookie - URGENT HELP NEEDED PLEASE!!!

Posted by E.Shafii on Stack Overflow See other posts from Stack Overflow or by E.Shafii
Published on 2010-06-07T15:14:04Z Indexed on 2010/06/07 21:52 UTC
Read the original article Hit count: 677

Filed under:

asp-classic

|

httponly

|

session-cookies

Hello all,

Does anyone know exactly how to set HTTPONLY on classic ASP session cookies?

This is the final thing that's been flagged in a vulnerability scan and needs fixing ASAP, so any help is appreciated.

~~~A LITTLE MORE INFORMATION ON MY PROBLEM~~~

Can anyone please help me with this?

I need to know how to set HTTPONLY on the ASPSESSION cookie created by default from ASP & IIS.

This is the cookie automatically created by the server for all asp pages.

If needed i can set HTTPONLY on all cookie across the site.

Any help on how to do this would be massively appreciated.

Thanks

Thanks Elliott

© Stack Overflow or respective owner

Related posts about asp-classic

Looping through an array and calling a function on each pass in v-basic / asp classic

as seen on Stack Overflow - Search for 'Stack Overflow'
How do I loop through an array and call a function on each pass? At the minute I'm trying the following... if Request.Form("authorize") <> "" then dim post_ids, ids post_ids = Request.form("authorize") ids = split(post_ids, ",") For i = LBound(ids) to UBound(ids) … >>> More
ASP Classic Session Variable Not Always Getting Set

as seen on Stack Overflow - Search for 'Stack Overflow'
I have a classic ASP site I'm maintaining and recently we wanted to do special rendering actions if the visitor was coming from one specific set of websites. So in the page where those visitors have to come through to get to our site, I put a simple line setting a session variable: <!-- #include… >>> More
ASP Classic page quit working

as seen on Stack Overflow - Search for 'Stack Overflow'
I've had a set of legacy pages running on my IIS7 server for at least a year. Sometime last week something changed and now this line: Response.Write CStr(myRS(0).name) & "=" & Cstr(myRS(0).value) which used to return nothing more exciting than the string: 'Updated=true' (the sproc processing… >>> More
in visual studio 2008, when I stop debugging an asp classic website visual studio always crashes

as seen on Stack Overflow - Search for 'Stack Overflow'
We are running visual studio 2008 (with the service pack) and having troubles when we are debugging an asp classic website. We can attach to the w3p process and debug just fine. breakpoints work, we can view variable values. The difficulty arises when it comes time to detach or stop the debugger… >>> More
HTML to PDF conversion from hosted ASP classic?

as seen on Stack Overflow - Search for 'Stack Overflow'
I need to convert HTML to PDF on the fly from a hosted ASP classic page. WkHtmlToPDF is great, but unfortunately requires installation on the server which is not possible in this case. Is there something out there that would do this? >>> More

Related posts about httponly

How do HttpOnly cookies work with AJAX requests?

as seen on Stack Overflow - Search for 'Stack Overflow'
JavaScript needs access to cookies if AJAX is used on a site with access restrictions based on cookies. Will HttpOnly cookies work on an AJAX site? Edit: Microsoft created a way to prevent XSS attacks by disallowing JavaScript access to cookies if HttpOnly is specified. FireFox later adopted this… >>> More
Setting HTTPONLY for CLASSIC ASP Session Cookie

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello all, Does anyone know exactly how to set HTTPONLY on classic ASP session cookies? This is the final thing that's been flagged in a vulnerability scan and needs fixing ASAP, so any help is appreciated. Thanks Elliott >>> More
Setting httponly in JSESSIONID cookie (Java EE 5)

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm trying to set the httponly flag on the JSESSIONID cookie. I'm working in Java EE 5, however, and can't use setHttpOnly(). First I tried to create my own JSESSIONID cookie from within the servlet's doPost() by using response.setHeader(). When that didn't work, I tried response.addHeader(). … >>> More
HttpOnly cookies on google app engine java

as seen on Stack Overflow - Search for 'Stack Overflow'
Anyone know how I can use httponly cookies for sessions and cookies on the app engine? In the javadoc for the Cookie class, http://java.sun.com/javaee/6/docs/api/javax/servlet/http/Cookie.html#setHttpOnly(boolean) , there is a setHttpOnly method. I get a compiler error when trying to use it when… >>> More
Setting HTTPONLY for CLASSIC ASP Session Cookie - URGENT HELP NEEDED PLEASE!!!

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello all, Does anyone know exactly how to set HTTPONLY on classic ASP session cookies? This is the final thing that's been flagged in a vulnerability scan and needs fixing ASAP, so any help is appreciated. ~~~A LITTLE MORE INFORMATION ON MY PROBLEM~~~ Can anyone please help me with this? I need… >>> More