Hi!
I am using form-based authentication and have enabled a session cookie to store the user session with username and password, as below.
I am trying to set the httponly flag for only the “session” cookie. Please help me solve this with a configuration in Apache version 2.4.25.
AuthType form
AuthName "TEST"
AuthUserFile /user/passwords
AuthGroupFile /user/groups
AuthFormLoginRequiredLocation /login/login.html
AuthFormFakeBasicAuth On
Session On
SessionCryptoPassphrase secret
SessionCookieName session path=/;httponly;secure;
Require valid-user
Developer tool:
Please note: I don’t want to set the httponly flag for other cookies. I tried the below, but it enables the httponly flag for all cookies while browsing the webpage:
<IfModule headers_module>
Header edit Set-Cookie "(?i)^((?:(?!;\s?secure).)+)$" "$1; secure"
Header edit Set-Cookie "(?i)^((?:(?!;\s?HttpOnly).)+)$" "$1; HttpOnly"
Or
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;secure
</IfModule>
Regards,
Sathish Vijayan
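
A scoped variant of the Header edit rules in the message above, as an added example that is not part of the original message. It anchors the pattern on the cookie name taken from the SessionCookieName line, so Set-Cookie headers for other cookies are left unchanged. It assumes mod_headers is loaded and the cookie is named exactly "session".

```apache
<IfModule headers_module>
    # Added example, not from the original message.
    # Assumption: the cookie to protect is named exactly "session"
    # (the name given to SessionCookieName).
    #
    # A Set-Cookie value starts with "name=value", so anchoring on
    # "^session=" limits each rule to that one cookie. The negative
    # lookahead skips values that already carry the attribute, so it
    # is never appended twice.
    Header edit Set-Cookie "^(session=(?:(?!;\s*(?i:HttpOnly)).)*)$" "$1; HttpOnly"
    Header edit Set-Cookie "^(session=(?:(?!;\s*(?i:Secure)).)*)$" "$1; Secure"

    # "always" applies the same rules to the separate header table
    # used for error and redirect responses.
    Header always edit Set-Cookie "^(session=(?:(?!;\s*(?i:HttpOnly)).)*)$" "$1; HttpOnly"
    Header always edit Set-Cookie "^(session=(?:(?!;\s*(?i:Secure)).)*)$" "$1; Secure"
</IfModule>
```

To check the result, inspect the Set-Cookie response headers for the login request and confirm that only the line beginning with `session=` carries the added attributes.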