Andrew 程式設計

http://blog.miniasp.com/post/2009/11/26/Using-HttpOnly-flag-to-avoid-XSS-attack.aspx

asp寫法
Response.AddHeader "Set-Cookie", "CookieName=CookieValue; path=/; HttpOnly"

也可以加上domain, expires，譬如
Response.AddHeader "Set-Cookie", "test=123; domain=localhost; expires="&GetGMT(now()+1)&"; path=/; HttpOnly"

function GetGMT(od)
  'GMT格式： Tue, 23 Dec 2014 23:19:08 GMT
  od=dateAdd("h",8,od)
  aWeek=Array("","Sun","Mon","Tue","Wed","Thu","Fri","Sat")
  aMonth=Array("","Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec")
  nd=aWeek(weekday(od)) &", "& day(od) &" "& aMonth(month(od)) &" "& year(od) &" "& right("00"&hour(od),2)&":"&right("00"&minute(od),2)&":"&right("00"&second(od),2)&" GMT"
  GetGMT = nd
end function