Confusing ASP.NET session cookie rewriting with HttpOnly flag version 10

This is my final version as I needed to exlude some cookies from being manipulated. Hopefully someone may find it useful

 

 

This is working perfectly, so thanks again nitass

 

 

when HTTP_RESPONSE {

 

set myValues [HTTP::header values "Set-Cookie"]

 

HTTP::header remove "Set-Cookie"

 

foreach mycookies $myValues {

 

scan [lindex $mycookies 0] {%[^=]=%[^;]} currentName currentValue

 

set myflags [lindex $mycookies 1]

 

switch $currentName {

 

"scrubbed" -

 

"redacted" -

 

"deleted" -

 

"notforyoutoknow"

 

{

 

HTTP::header insert "Set-Cookie" "$currentName=$currentValue; $myflags"

 

}

 

default {

 

HTTP::header insert "Set-Cookie" "$currentName=$currentValue; HttpOnly; Secure; Path=/"

 

}

 

}

 

}

 

}