asp.net cookies isapi

Server Side Cookie Injection


I have an app that is a combination of asp/asp.net, and both sides depend on the same cookies (they are in the same domain). There are some values in the cookies that I don't want going to the client anymore due to security concerns. What I was hoping to accomplish is to take out these values so they no longer go to the client, and then on every server request, somehow "inject" the values back into the cookie so the app will still function properly.

Is this even possible? I thought it might be through ISAPI, but I don't know C++ too well.


Solution

  • I think that an ISAPI filter is your only option. If you don't want to use C++ then it can be done in Python.

    The other option is to upgrade the server to Windows 2008. In IIS 7 it is possible to write an ISAPI filter in a .NET language.

    Changing the applications is a much saner option.
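
The strip-and-reinject logic the question describes, as an added example that is not part of the original question or answer and is independent of any particular filter API. The cookie names `role` and `acct`, the handle cookie `vault_id`, and the in-memory store are assumptions made for illustration.

```python
import secrets

SENSITIVE = {"role", "acct"}  # hypothetical names of cookies to keep server-side
TOKEN = "vault_id"            # hypothetical opaque handle cookie sent to the client
_vault = {}                   # token -> {name: value}; stand-in for a real session store


def parse_cookie_header(header):
    """Split a request Cookie header into an ordered dict of name -> value."""
    pairs = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name:
            pairs[name] = value
    return pairs


def filter_response(set_cookies, token=None):
    """Outbound: withhold sensitive Set-Cookie lines and store their values.

    Returns (headers to send to the client, token identifying the stored values).
    """
    kept, held = [], {}
    for line in set_cookies:
        name, _, rest = line.partition("=")
        if name.strip() in SENSITIVE:
            held[name.strip()] = rest.split(";", 1)[0].strip()
        else:
            kept.append(line)
    if held:
        if token not in _vault:  # first sensitive value for this client
            token = secrets.token_urlsafe(32)
            _vault[token] = {}
            kept.append(f"{TOKEN}={token}; Path=/; HttpOnly; Secure; SameSite=Lax")
        _vault[token].update(held)
    return kept, token


def filter_request(cookie_header):
    """Inbound: rebuild the Cookie header the application will see."""
    cookies = parse_cookie_header(cookie_header)
    for name in SENSITIVE:
        cookies.pop(name, None)  # never trust a client-supplied copy
    token = cookies.pop(TOKEN, None)
    cookies.update(_vault.get(token, {}))  # unknown token injects nothing
    return "; ".join(f"{k}={v}" for k, v in cookies.items())
```

The inbound step discards any client-supplied value for a withheld name before injecting the stored one, so a forged `role=admin` cookie never reaches the application.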