RE: httpOnly cookies in ASP.NET 1.1

Scott posted a solution to support httpOnly cookies in ASP.NET 1.1 but pointed out some problems when you run the code on 2.0(http://www.hanselman.com/blog/HttpOnlyCookiesOnASPNET11.aspx)

Here is a solution:

protected void Application_EndRequest(Object sender, EventArgs e)
{
    if(System.Environment.Version.Major<2)
    {
        foreach(string cookie in Response.Cookies)
        {
            const string HTTPONLY = ";HttpOnly";
            string path = Response.Cookies[cookie].Path;
            if (path.EndsWith(HTTPONLY) == false)
            {
                //force HttpOnly to be added to the cookie
                Response.Cookies[cookie].Path += HTTPONLY;
            }
        }
    }
}

lennybacon.com▋

Daniel Fisher (he/him)

RE: httpOnly cookies in ASP.NET 1.1