After reading this SO post, I too need to set ASPSESSIONID[random-string-here] cookies to be HttpOnly for Classic ASP pages. But, in IIS 5.
So, what are my options? I'm not generating these cookies, they seem to be auto-generated. Is there an IIS 5, global, web.config setting I could change?
