Setting HTTPONLY for Classic Asp Session Cookie

后端未结

关注

 7  1606

Does anyone know exactly how to set HTTPONLY on classic ASP session cookies?

This is the final thing that\'s been flagged in a vulnerability scan and needs fixing AS

7条回答

2020-12-08 10:22

Microsoft includes an example using an ISAPI filter to all outbound cookies: http://msdn.microsoft.com/en-us/library/ms972826

or URL rewriting could be used http://forums.iis.net/p/1168473/1946312.aspx

0 讨论(0)