0

I amtrying to add HttpOnly to my Classic ASP cookies. I have tried all the solutions that I could find but seems like they are not working in my situation. Here is the code that I have to set up cookies:

Sub StoreCookieValue(byVal strParameter, byVal strValue)
    Select Case UCase(strParameter)
    'Case "USERID":         Response.Cookies("SessionTestCom")("UserID") = strValue
    '                       gstrUserID = strValue


    Case "SESSID":          Response.Cookies("SessionTestCom")("SessID") = strValue 
                            gintSessionID = strValue

    Case "ACCESSNUMBER":    Response.Cookies("SessionTestCom")("AccessNumber") = strValue
                            gstrAccessNumber = strValue
    Case "USERIDKEY"   :    Response.Cookies("SessionTestCom")("UserIdKey") = strValue
                            gstrAccessNumber = strValue
    End Select

    Response.Cookies("SessionTestCom").Path = "/"
    Response.Cookies("SessionTestCom").Secure  = True
    Response.AddHeader "Set-Cookie", ""&CStr(Request.ServerVariables("HTTP_COOKIE"))&";path=/;HttpOnly"&""

End Sub

Any Idea?

John wilson
  • 41
  • 2
  • 7
  • You're right. Have luck with your endeavors. – statosdotcom Feb 22 '16 at 20:41
  • 1
    ... these comments make no sense. If y'all are gonna delete a conversation, please delete *all* of it. :) – Martha Feb 23 '16 at 00:08
  • 1
    Possible duplicate of [Setting HTTPONLY for Classic Asp Session Cookie](http://stackoverflow.com/questions/2990686/setting-httponly-for-classic-asp-session-cookie) – gpinkas Feb 23 '16 at 13:40

1 Answers1

0

Ok, here is the solution that I applied and it works.

Setting HTTPONLY for Classic Asp Session Cookie

I added the re-write rule to the iOS and it fixed it.

Community
  • 1
  • 1
John wilson
  • 41
  • 2
  • 7