Daniel Fisher (lennybacon.com)

SOA, DATA & THE WEB

RE: httpOnly cookies in ASP.NET 1.1

Scott posted a solution to support httpOnly cookies in ASP.NET 1.1 but pointed out some problems when you run the code on 2.0(http://www.hanselman.com/blog/HttpOnlyCookiesOnASPNET11.aspx)

Here is a solution:

		
protected void Application_EndRequest(Object sender, EventArgs e)
{    
	if(System.Environment.Version.Major<2)
	{
		foreach(string cookie in Response.Cookies)    
		{        
			const string HTTPONLY = ";HttpOnly";        
			string path = Response.Cookies[cookie].Path;        
			if (path.EndsWith(HTTPONLY) == false)        
			{            
				//force HttpOnly to be added to the cookie            
				Response.Cookies[cookie].Path += HTTPONLY;        
			}    
		}
	}
}

Comments

Thanks! I totally forgot about System.Environment.

Write a comment