Secure cookies with mod_usertrack
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- To: users@xxxxxxxxxxxxxxxx
- Subject: Secure cookies with mod_usertrack
- From: Alex Kaiser <alextkaiser@xxxxxxxxx>
- Date: Tue, 14 Feb 2017 11:22:13 -0800
- Reply-to: users@xxxxxxxxxxxxxxxx
Hello,
Is there a way to make cookies created by mod_usertrack Secure? We just upgraded from httpd 2.2.31 to 2.4.23 and now cookies created by mod_usertrack are no longer secure. We have the line "Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure" in our httpd.conf, that in 2.2 was setting them to secure, but now in 2.4 doesn't seem to be doing anything?
It seems like the patch for https://bz.apache.org/bugzilla/show_bug.cgi?id=29755 changed the usertrack hook to use APR_HOOK_REALLY_FIRST instead of APR_HOOK_FIRST, which I'm guessing is the cause of my problem, but I don't know how to fix the problem that this change seems to have created.
Thanks,
Alex Kaiser
[Index of Archives]
[Open SSH Users]
[Linux ACPI]
[Linux Kernel]
[Linux Laptop]
[Kernel Newbies]
[Security]
[Netfilter]
[Bugtraq]
[Squid]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Samba]
[Video 4 Linux]
[Device Mapper]
