httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 44799] New: Allow mod_rewrite Cookie option to set secure and HttpOnly flags
Date Thu, 10 Apr 2008 15:37:38 GMT

           Summary: Allow mod_rewrite Cookie option to set secure and
                    HttpOnly flags
           Product: Apache httpd-2
           Version: 2.3-HEAD
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P4
         Component: mod_rewrite

The Cookie option of mod_rewrite supports setting the cookie's name, value,
domain, path, and expiry date. However the original Netscape cookie
specification [1] also supports the "secure" flag. Internet Explorer 6 SP1
introduced the HttpOnly flag [2] for cookies that are not accessible to
JavaScript code, a feature which is now also supported by Firefox 2 and newser. 

The attached patch adds support for these two flags, changing the formal
signature of the cookie option as follows:



In my opinion this would be a useful addition to mod_rewrite and should not
break existing applications. 


Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message