Defining cookie as secure and httponly in web config (Classic ASP, IIS 6.0).

Question

I need to declare all ASP cookies as secure and httponly. The code is in Classic ASP and IIS ver is 6.0.

The cookie has been defined as follows:

<sessionState
mode="InProc"
stateConnectionString=""
sqlConnectionString=""
cookieless="false"
timeout="20"
/>

Is there a way in which I can change the properties of the cookies created by the application?

score 0 · Answer 1 · answered Jun 05 '14 at 07:06

0

that is not possible for classic asp. furthermore you are showing code of the web.config, right? taht file has absolutely nothing to do with classic asp...

answered Jun 05 '14 at 07:06

ulluoink

2,775
2
17
22

Defining cookie as secure and httponly in web config (Classic ASP, IIS 6.0).

1 Answers1