[WEB SECURITY] Classic ASP and HTTPOnly Cookies

["Eric Jenko" <e.jenko@xxxxxxxxx>]

------=_Part_33846_7647542.1207939086001
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

I've been trying to find some documentation (if any) on the forcing the
HTTPOnly cookie flag for classic ASP applications that do not run on the
.NET Framework.

As it is, everything I find and read involves either editing the
web.config/machine.config, or editing the global.asax file.  When I am am
working with the vendors/developers to secure these applications, they
respond that  "the sites are not running on .NET" and that they do not have
a global.asax or web.config file.

Any help would be definitely appreciated.

Eric
e.jenko@gmail.com

------=_Part_33846_7647542.1207939086001
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

<div class="gmail_quote"><div>I&#39;ve been trying to find some documentation (if any) on the forcing the HTTPOnly cookie flag for classic ASP applications that do not run on the .NET Framework.<br><br>As it is, everything I find and read involves either editing the web.config/machine.config, or editing the global.asax file.&nbsp; When I am am working with the vendors/developers to secure these applications, they respond that&nbsp; &quot;the sites are not running on .NET&quot; and that they do not have a global.asax or web.config file.<br>
<br>Any help would be definitely appreciated.<br><br>Eric<br></div></div><a href="mailto:e.jenko@gmail.com"; target="_blank">e.jenko@gmail.com</a>

------=_Part_33846_7647542.1207939086001--