RE: httpOnly cookies in ASP.NET 1.1

Scott posted a solution to support httpOnly cookies in ASP.NET 1.1 but pointed out some problems when you run the code on 2.0(http://www.hanselman.com/blog/HttpOnlyCookiesOnASPNET11.aspx)

Here is a solution:

protected void Application_EndRequest(Object sender, EventArgs e)
{
	if(System.Environment.Version.Major<2)
	{
		foreach(string cookie in Response.Cookies)
		{
			const string HTTPONLY = ";HttpOnly";
			string path = Response.Cookies[cookie].Path;
			if (path.EndsWith(HTTPONLY) == false)
			{
				//force HttpOnly to be added to the cookie
				Response.Cookies[cookie].Path += HTTPONLY;
			}
		}
	}
}

Comments (1) -

  • Thanks! I totally forgot about System.Environment.
Comments are closed