Menu
Is there a way to mark classic ASP ASPSESSIONID* cookies as secure? It appears that the ASP ISAPI handler adds that session id cookie after my page is done rendering so putting code at the end of my page to loop through the Response.Cookie collection and mark them as secure doesn't seem to touch the ASPSESSIONID* cookie. Any other way of doing this?
517
The answer is no there isn't There isn't on the standard UI provided by IIS manager. However, you can enable secure cookies for the SessionID via the AspKeepSessionIDSecure Metabase value
167
I run this command:
CSCRIPT C:\Inetpub\AdminScripts\adsutil.vbs set w3svc/1/AspKeepSessionIDSecure 1
More information here: http://blogs.msdn.com/b/rahulso/archive/2007/06/19/cookies-case-study-with-ssl-and-frames-classic-asp.aspx
22
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
