How to set all the cookie variables in a page to HTTPOnly in ASP?
+2
A:
You can send the HTTP header yourself. Or try adding it to the path property. You could write a helper function to do it for you.
http://www.asp101.com/tips/index.asp?id=160
Dim myCookie As HttpCookie
myCookie = New HttpCookie("LastVisit", DateTime.Now.ToString())
myCookie.Path += "; HttpOnly"
Response.AppendCookie(myCookie)
russau
2009-06-29 05:21:56
+1 for the code that helped me translate to ASP :)
shahkalpesh
2009-06-29 14:52:58
+2
A:
Based on russau's code, adding the code in classic ASP (vbscript).
Response.Cookies("mycookie") = myvalue
Response.Cookies("mycookie").Path = Response.Cookies("mycookie").Path + "; HttpOnly"
shahkalpesh
2009-06-29 05:53:40
+1
A:
I'm afraid using the Response.Cookies collection will not work when setting HttpOnly (it's been driving me slowly mad!). As vbscript (well at least on the server i'm testing on) will character encode the semicolon.
Instead, add the header manually yourself, for example:
Response.AddHeader "Set-Cookie", "YourCookieName=YourCookieValue; path=/; HttpOnly"
There is a similar post on stackoverflow called: How exactly do you configure httpOnly Cookies in ASP Classic?
Alex Key
2009-11-11 09:31:14