Setting HTTPONLY for Classic Asp Session Cookie


Question

Does anyone know exactly how to set HTTPONLY on classic ASP session cookies?

This is the final thing that's been flagged in a vulnerability scan and needs fixing ASAP, so any help is appreciated.

~~~A LITTLE MORE INFORMATION ON MY PROBLEM~~~

Can anyone please help me with this?

I need to know how to set HTTPONLY on the ASPSESSION cookie created by default from ASP & IIS.

This is the cookie automatically created by the server for all asp pages.

If needed I can set HTTPONLY on all cookies across the site.

Any help on how to do this would be massively appreciated.

Thanks
Elliott

Recommended answer

Microsoft includes an example using an ISAPI filter to all outbound cookies: http://msdn.microsoft.com/en-us/library/ms972826

or URL rewriting could be used http://forums.iis.net/p/1168473/1946312.aspx

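<!-- Place inside <system.webServer> in web.config; requires the IIS URL Rewrite module. -->
<rewrite>
    <outboundRules>
        <!-- Append "; HttpOnly" to each outgoing Set-Cookie header that passes the precondition. -->
        <rule name="Add HttpOnly" preCondition="No HttpOnly">
            <match serverVariable="RESPONSE_Set_Cookie" pattern=".*" negate="false" />
            <action type="Rewrite" value="{R:0}; HttpOnly" />
            <conditions>
            </conditions>
        </rule>
        <preConditions>
            <!-- Passes only when a Set-Cookie header is present and does not already contain "; HttpOnly". -->
            <preCondition name="No HttpOnly">
                <add input="{RESPONSE_Set_Cookie}" pattern="." />
                <add input="{RESPONSE_Set_Cookie}" pattern="; HttpOnly" negate="true" />
            </preCondition>
        </preConditions>
    </outboundRules>
</rewrite>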
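
One way to confirm the scan finding is closed after deploying the outbound rule above, as an added example that is not part of the original answer: a small Python audit that parses each Set-Cookie header and lists cookies whose attribute list lacks HttpOnly. The function names and the sample header values are constructed for illustration.

```python
# Added example: audit Set-Cookie headers for the HttpOnly attribute.
# All header values below are constructed samples, not captured traffic.

def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, set of lowercased attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Everything after the first name=value pair is an attribute; names are case-insensitive.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs

def cookies_missing_httponly(headers):
    """headers: iterable of (name, value) pairs, e.g. from
    http.client.HTTPResponse.getheaders(). Returns names of cookies lacking HttpOnly."""
    missing = []
    for hname, hvalue in headers:
        if hname.lower() != "set-cookie":
            continue
        cname, attrs = parse_set_cookie(hvalue)
        if "httponly" not in attrs:
            missing.append(cname)
    return missing

# Constructed response headers as they might look before the rule is applied.
SAMPLE_BEFORE = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "ASPSESSIONIDAAAAAAAA=BBBBBBBBBBBBBBBBBBBBBBBB; path=/"),
    # "httponly" appears only in the cookie value here, so it must not count.
    ("Set-Cookie", "pref=httponly; path=/"),
    # Attribute names are case-insensitive, so this cookie is already protected.
    ("Set-Cookie", "tracker=1; path=/; HTTPONLY"),
]

# The same constructed headers after "; HttpOnly" has been appended where it was absent.
SAMPLE_AFTER = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "ASPSESSIONIDAAAAAAAA=BBBBBBBBBBBBBBBBBBBBBBBB; path=/; HttpOnly"),
    ("Set-Cookie", "pref=httponly; path=/; HttpOnly"),
    ("Set-Cookie", "tracker=1; path=/; HTTPONLY"),
]

if __name__ == "__main__":
    print("missing before:", cookies_missing_httponly(SAMPLE_BEFORE))
    print("missing after: ", cookies_missing_httponly(SAMPLE_AFTER))
```
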
