httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 44799] New: Allow mod_rewrite Cookie option to set secure and HttpOnly flags
Date Thu, 10 Apr 2008 15:37:38 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=44799

           Summary: Allow mod_rewrite Cookie option to set secure and
                    HttpOnly flags
           Product: Apache httpd-2
           Version: 2.3-HEAD
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P4
         Component: mod_rewrite
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: christian@wenz.org


The Cookie option of mod_rewrite supports setting the cookie's name, value,
domain, path, and expiry date. However the original Netscape cookie
specification [1] also supports the "secure" flag. Internet Explorer 6 SP1
introduced the HttpOnly flag [2] for cookies that are not accessible to
JavaScript code, a feature which is now also supported by Firefox 2 and newser. 

The attached patch adds support for these two flags, changing the formal
signature of the cookie option as follows:

cookie|CO=NAME:VAL:domain[:lifetime[:path[:secure[:httponly]]]]

Examples:
CO=name:value:.example.com:0:/:true
CO=name:value:.example.com:0:/:false

CO=name:value:.example.com:0:/:1:HttpOnly
CO=name:value:.example.com:0:/:0:HttpOnly

In my opinion this would be a useful addition to mod_rewrite and should not
break existing applications. 

[1] http://wp.netscape.com/newsref/std/cookie_spec.html
[2] http://msdn2.microsoft.com/en-us/library/ms533046.aspx


-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message