Rewrite response cookie headers

Topics: Developer Forum
Dec 5, 2010 at 3:07 PM

Using the IIS7 Rewriting engine I have a rule which adds "; HttpOnly" to any response "Set-Cookie" headers that do not already have "HttpOnly" on.

I need to provide the same function on IIS6. Is this possible with IIRF?

Similarly I would like to strip the "Secure" option from any incoming cookies and add it to any outgoing "Set-Cookie" headers.

Is this also possible with IIRF?



Dec 5, 2010 at 8:29 PM

you can set headers with IIRF; you can set headers to the value of the header + an additional string.  So I think you can do the Set-Cookie thing.

I don't know what you mean about the "Secure" part.

Sounds like it should work.


Dec 5, 2010 at 10:20 PM

Thanks, but I can't see in the documentation any way of changing response headers.

Dec 5, 2010 at 10:21 PM

Whoops - that's right, my mistake. IIRF rewrites requests.  Incoming headers only.

Not outgoing headers, like Set-Cookie.