user746627
Reputation: 11
Set HttpOnly for all cookies in sub folders/directories
I am using IIS URLRewrite to add the HttpOnly option to all outgoing requests, except it is not add this for requests to for example my ./images/ folder where a cookie is set.
Result: Set-Cookie: ASPSESSIONIDQECSBATA=KGBFCMFABKMKPHBLFJHPNEJN; secure; path=/
My outbound rule:
<outboundRules>
<rule name="Add HttpOnly" preCondition="No HttpOnly">
<match serverVariable="RESPONSE_Set_Cookie" pattern=".*" negate="false" />
<action type="Rewrite" value="{R:0}; HttpOnly" />
<conditions>
</conditions>
</rule>
<preConditions>
<preCondition name="No HttpOnly">
<add input="{RESPONSE_Set_Cookie}" pattern="." />
<add input="{RESPONSE_Set_Cookie}" pattern="; HttpOnly" negate="true" />
</preCondition>
</preConditions>
How do I get the HttpOnly flag added to the cookie being set for my images folder?
Upvotes: 1
Views: 1939
Answers (1)
AJB
Reputation: 11
Put the outbound rule at the server level. This will go in the applicationHost.config and apply it to all sites on that server.
Upvotes: 1
Related Questions
- URL Rewrite Custom Header into a Cookie
- How to add a cookie to all subdomain URLs?
- Using IIS Rewrite to add HttpOnly Flag To Cookies Not Working
- IIS rewrite how to intercept a set cookie value
- Regarding cookies accessibility in virtual directories
- IIS Rewrite Rule is not setting HTTP_COOKIE
- URL rewrite IIS 7 replace cookie value for an inbound rule
- Rewrite URL for all requests to a folder in ASP.NET 3.5 - IIS 7
- Rewrite rules for response headers in IIS 7 (replacing the cookie path)
- Cookies. Case Sensitive Paths. How to rewrite URLs