We are trying to use mod_headers to append the httponly parameter on a HTTP response. We are using the latest 2.2 version But we can't seem to get it work To simplify our testing we have written a small cgi program to emit a set-cookie header. When we add the following line to the httpd.conf file: Header edit Set-Cookie ^(.*)$ $1;Secure;HttpOnly The parameter is not added. It is the only set-cookie header that is issued. We have tried many different options and the edit function never seems to "kick in". Any ideas? Many thanks John --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|