Menu
How to set all the cookie variables in a page to HTTPOnly in ASP?
444
Set HttpOnly cookie in PHPini_set("session. cookie_httponly", True); This is the most common way to set cookies in PHP, empty variables will hold their default value.
An HttpOnly Cookie is a tag added to a browser cookie that prevents client-side scripts from accessing data. It provides a gate that prevents the specialized cookie from being accessed by anything other than the server.
If your browser supports HttpOnly, and you enable it for a cookie, a client-side script should NOT be able to read OR write to that cookie, but the browser can still send its value to the server. However, some browsers only prevent client side read access, but do not prevent write access.
I'm afraid using the Response.Cookies collection will not work when setting HttpOnly (it's been driving me slowly mad!). As vbscript (well at least on the server i'm testing on) will character encode the semicolon.
Instead, add the header manually yourself, for example:
Response.AddHeader "Set-Cookie", "YourCookieName=YourCookieValue; path=/; HttpOnly"
There is a similar post on stackoverflow called: How exactly do you configure httpOnly Cookies in ASP Classic?
155
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
