michaeltiger
New Member
I am trying to find a way to enable HTTPONLY on the ASPSESSIONID cookie that is auto generated for classic ASP sites. I know that .NET 2.0+ sites have the ASP session cookie defaulted to HTTPONLY, but I need to get this configured for classic ASP. I have tried to use the HTTPONLY.dll filter, but that ISAPI filter only works for manually created cookies. Using the F5 is not an option at this point. Please let me know if there is a way to do this without upgrading to IIS7 and only using IIS6. Thanks.