[LearnAdmin] Setting a Secure Flag to cookie in httpd - Apache
6 views
Skip to first unread message
Naresh Surampudi
Jul 30, 2014, 6:27:29 AM7/30/14
to learnadmin+g...@googlegroups.com
First check if mod_headers is loaded. Else enable that module
LoadModule headers_module modules/mod_headers.so
Once the module is loaded .
Header edit Set-Cookie ^(.*)$ $1;Secure
Add above line to your virtual host in httpd.conf/ssl.conf as per your config
What this does is it adds a secure flag to your cookie. This flag is set by application server when sending
a new cookie to client/user when sending http response.This also mean that server will not send cookie over http. It sends only via https .This prevents unauthorized access to cookie data
This can be done via code in java or can be done @ apache/httpd config level.
Here is more info on code level changes click here..!!
LoadModule headers_module modules/mod_headers.so
Once the module is loaded .
Header edit Set-Cookie ^(.*)$ $1;Secure
Add above line to your virtual host in httpd.conf/ssl.conf as per your config
What this does is it adds a secure flag to your cookie. This flag is set by application server when sending
a new cookie to client/user when sending http response.This also mean that server will not send cookie over http. It sends only via https .This prevents unauthorized access to cookie data
This can be done via code in java or can be done @ apache/httpd config level.
Here is more info on code level changes click here..!!
--
Posted By Naresh Surampudi to LearnAdmin at 7/30/2014 03:57:00 PM
Reply all
Reply to author
Forward
0 new messages