cookie HttpOnly global.asa

[joecool2005]

Hi, In global.asa when I create a cookie with HttpOnly like this Response.Cookies("mycookie")("x") = "abc";Response.Cookies("mycookie").Path ="/; HttpOnly") it displayed me this path=/%3B%20HttpOnly How can I fix this in global.asa? ThxJoe

[justsomeguy]

You send the cookie header manually: Response.AddHeader "Set-Cookie", "YourCookieName=YourCookieValue; path=/; HttpOnly"

[joecool2005]

Is it possible to add value into cookie dynamically in global.asa?I want to set the cookie before the application start.

[justsomeguy]

The value is part of the header. Make sure to URL-encode the value part.

[joecool2005]

After the cookie is set in global.asa, I added this in asp file<meta http-equiv="content-type" content="text/html; charset=UTF-8">and it still showed me path=/%3B%20HttpOnly

[justsomeguy]

I'm not sure what the content-type tag has to do with this. Just to be clear, if you need to set additional properties on the cookie you can not use response.cookies, you have to send the cookie header manually. ASP will encode everything automatically and mess it up if you use response.cookies. You need to send the header yourself and make sure you encode the correct parts that need to be encoded. The name and value need to be encoded if they contain non-alphanumeric characters.