Hi experts.
This is my first post on the Apache mailing list.
Ubuntu Apache : 2.4
I am trying to make every cookie generated by the app or the Apache HTTP server Secure and HttpOnly, with the domain set to the site domain name.
Example: There is a cookie called MyCookie1=12345;
I am using the rule below to make it work.
Then I realized that there are many cookies with secure, httponly and domain name already set by the app. With the above rule in Apache, cookies now have multiple domain, secure and httponly values.
Example:
Mycookie1.app1=123456;domain=*.corp.test.com,secure,httponly
cookie is resulting as
Mycookie1.app1=12345;domain=*.corp.test.com,secure,httponly,domain=xyz.corp.test.com,Secure,Httponly
(the app is setting secure and httponly in lowercase, and Apache is appending Secure and Httponly starting with uppercase).
I am using the rules below to avoid duplicates, but they break the application.
Header edit Set-Cookie ^(.*);\s?secure;?\s?(.*);\s?secure;?\s?(.*)$ "$1; $2; $3; Secure"
Header edit Set-Cookie ^(.*);\s?httpOnly;?\s?(.*);\s?httpOnly;?\s?(.*)$ "$1; $2; $3; HttpOnly"
#Strip off double ;; settings
Header edit Set-Cookie ^(.*);\s?;\s?(.*)$ "$1; $2"
How do I remove secure, httponly and domain if present and add them using a Header edit cookie rule,
and how do I append secure, httponly and domain if they are not present in the cookie?
I appreciate your time and help.
Thanks,
Kumar
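
An added example, not part of the original post and not Apache or application code: the strip-then-append order the question asks about, modelled in Python so it can be run against sample values. It assumes attributes are separated by `;` as in a standard Set-Cookie header, uses `xyz.corp.test.com` from the post as the site domain, and the function name and sample cookies are constructed for illustration. In mod_headers the corresponding building blocks are `Header edit*` (replace every match) followed by a single `Header edit`.

```python
import re

# Assumption: the site domain taken from the post's example.
SITE_DOMAIN = "xyz.corp.test.com"

# One existing Secure / HttpOnly / Domain=... attribute in any letter case,
# including the ';' in front of it. The lookahead requires the attribute to
# end at the next ';' or at end of string, so a name such as "securetoken"
# is not treated as the Secure flag.
_STRIP = re.compile(
    r";\s*(?:secure|httponly|domain=[^;]*)\s*(?=;|$)",
    re.IGNORECASE,
)


def normalize_set_cookie(value, domain=SITE_DOMAIN):
    """Return the Set-Cookie value with exactly one Domain, Secure, HttpOnly."""
    # Step 1: remove every copy the application (or an earlier rule) added.
    stripped = _STRIP.sub("", value)
    # Drop a dangling separator so no ';;' or trailing ';' is left behind.
    stripped = stripped.rstrip("; \t")
    # Step 2: append each attribute once, in one canonical spelling.
    return f"{stripped}; Domain={domain}; Secure; HttpOnly"


if __name__ == "__main__":
    # Constructed sample header values, not captured traffic.
    samples = [
        "MyCookie1=12345",
        "Mycookie1.app1=123456; domain=.corp.test.com; secure; httponly",
        "SID=abc; secure; Path=/; HttpOnly; Domain=.corp.test.com; SameSite=Lax",
    ]
    for raw in samples:
        print(f"{raw!r}\n  -> {normalize_set_cookie(raw)!r}")
```

Because existing attributes are removed before the new ones are appended, running the normalization twice gives the same result as running it once, which is the property the duplicate-collapsing rules in the post were trying to reach.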