Does anyone know exactly how to set HTTPONLY on classic ASP session cookies?
This is the final thing that\'s been flagged in a vulnerability scan and needs fixing AS
Response.AddHeader "Set-Cookie", "CookieName=CookieValue; path=/; HttpOnly"
Source: http://www.asp101.com/tips/index.asp?id=160