Classic ASP: How to check if the ASPSESSIONID* secure cookie is checked?

I am trying to mark the ASP session id cookie as HttpOnly but cannot find a way to find out if it works. The environment in which I am trying to do this is as follows: OS: Windows Server 2003; IIS: 6; ASP version: ASP 3 (classic ASP).

To mark the cookie as HttpOnly, I followed the MS KB.

According to our architect's suggestion, to check if this works, JavaScript document.cookie should not be able to read the ASPSESSIONID* cookie. My problem is that javascript:alert(document.cookie) still echoes the ASPSESSIONID* cookie, although it seems to be encrypted (?).

I also tried to do this with Response.AddHeader "Set-Cookie", but cannot determine what value to give this header to mark all cookies or LAST ASP session id cookies as HttpOnly. Help!!!

+3
3 answers

I don't think your architect is right about accessing the cookie in javascript.

There is no reason to stop JavaScript running on your page from accessing the cookie, any more than JavaScript accessing the rest of your data in the HTML.

The purpose of adding a secure identifier to a cookie is to prevent it from being sent in an insecure request.

cookie , https, - , , http. cookie , Set , , https.

, , fiddler, https, http. Fiddler , , cookie ASPSESSION.

+3

- "" PCI. , , :

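<%
' Re-issue the ASP session cookie with the HttpOnly attribute appended.
Dim AspSessionCookie
AspSessionCookie = Request.ServerVariables("HTTP_COOKIE")

' Only parse when the request actually carries an ASPSESSIONID* cookie;
' Split(...)(1) raises "Subscript out of range" otherwise.
If InStr(1, AspSessionCookie, "ASPSESSIONID") > 0 Then
    ' Keep the text from the cookie name up to the next ";" (name=value only).
    AspSessionCookie = "ASPSESSIONID" & Split(AspSessionCookie, "ASPSESSIONID")(1)
    If InStr(1, AspSessionCookie, ";") > 0 Then
        AspSessionCookie = Split(AspSessionCookie, ";")(0)
    End If

    Response.AddHeader "Set-Cookie", AspSessionCookie & ";HttpOnly"
Else
    ' No ASP session cookie in this request: redirect to the same URL.
    Response.Redirect(Request.ServerVariables("URL"))
End If
%>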

+4

, , SECURE HTTPONLY . MS KB SECURE.

cookie SECURE IIS/Browser, ASP HTTP.

cookie HTTPONLY script (javascript).

HTTPONLY cookie sessionID. cookie sessionID, . .

+3
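
One way to check the flags from the response side, as an added example that is not part of the original thread: the functions below take Set-Cookie header values as copied from a proxy such as Fiddler and report whether each ASPSESSIONID* cookie carries HttpOnly and Secure. The sample header lines and all function names are constructed for illustration.

```javascript
// Added example: audit Set-Cookie response headers for ASP session cookies.
// The header values below are constructed samples, not captured traffic.
const SAMPLE_HEADERS = [
  "ASPSESSIONIDQABCDEFG=KLMNOPQRSTUVWXYZABCDEFGH; path=/",
  "ASPSESSIONIDQABCDEFG=KLMNOPQRSTUVWXYZABCDEFGH;HttpOnly",
  "ASPSESSIONIDQABCDEFG=KLMNOPQRSTUVWXYZABCDEFGH; path=/; secure; httponly",
  "theme=dark; path=/",
];

// Split one Set-Cookie value into its name, value and attribute flags.
function parseSetCookie(headerValue) {
  const parts = headerValue.split(";").map((p) => p.trim()).filter(Boolean);
  if (parts.length === 0) return null;
  const eq = parts[0].indexOf("=");
  if (eq < 1) return null; // malformed: no cookie name
  const attrs = new Set(
    // Attribute names are case-insensitive; drop any "=value" part.
    parts.slice(1).map((a) => a.split("=")[0].trim().toLowerCase())
  );
  return {
    name: parts[0].slice(0, eq),
    value: parts[0].slice(eq + 1),
    httpOnly: attrs.has("httponly"),
    secure: attrs.has("secure"),
  };
}

// Report flag status for every cookie whose name starts with ASPSESSIONID
// (IIS appends a varying suffix to the name, so match on the prefix).
function auditAspSessionCookies(headerValues) {
  return headerValues
    .map(parseSetCookie)
    .filter((c) => c !== null && /^ASPSESSIONID/i.test(c.name))
    .map((c) => ({ name: c.name, httpOnly: c.httpOnly, secure: c.secure }));
}

// True only when at least one session cookie is set and all carry HttpOnly.
function allSessionCookiesHttpOnly(headerValues) {
  const found = auditAspSessionCookies(headerValues);
  return found.length > 0 && found.every((c) => c.httpOnly);
}

console.log(auditAspSessionCookies(SAMPLE_HEADERS));
```

The check is strict on purpose: a response that sets the session cookie once without HttpOnly and once with it is reported as failing.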

Source: https://habr.com/ru/post/1729190/

