httpd-users mailing list archives

From kumar <>
Subject [users@httpd] Editing Cookies in Apache HTTP Server.
Date Thu, 26 Jan 2017 01:15:45 GMT
Hi experts.

This is my first post to the Apache mailing list.

Ubuntu Apache : 2.4

I am trying to make every cookie generated by the app or Apache HTTP Server
secure, httponly, with domain set to the site domain name.

Example: There is a cookie called MyCookie1=12345;

it should be set to Mycookie=12345;secure;httponly;

I am using the rule below to make it work.

Header edit Set-Cookie ^(.*)$ "$1;Secure;HttpOnly;

Then I realized that there are many cookies with secure, httponly, domain
name set by the app already. By using the above rule in Apache, cookies now
have multiple domain, secure & httponly values.

Mycookie1.app1=123456;domain=*,secure,httponly cookie is
resulting as
Mycookie1.app1=12345;domain=*,secure,httponly,domain=,Secure,Httponly. (app is setting to secure and httponly
in lowercase and apache is appending Secure and Httponly starting with

I am using below rules to avoid duplicates but it breaks down the

Header edit Set-Cookie ^(.*);\s?secure;?\s?(.*);\s?secure;?\s?(.*)$ "$1; $2; $3; Secure"
Header edit Set-Cookie ^(.*);\s?httpOnly;?\s?(.*);\s?httpOnly;?\s?(.*)$ "$1; $2; $3; HttpOnly"
#Strip off double ;; settings
Header edit Set-Cookie ^(.*);\s?;\s?(.*)$ "$1; $2"

How do I remove secure, httponly & domain if present and add them using a
Header edit cookie rule, and how do I append secure, httponly and domain if
not present in the cookie?

I appreciate your time and help.
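
The behaviour asked about above, as an added example that is not part of the original post: a Python simulation of ordered regex edits on a Set-Cookie value, showing the unconditional append beside a case-insensitive "append only if absent" form. The function names, sample cookies and the domain example.com are constructed for illustration; the patterns use only PCRE-compatible syntax.

```python
import re

# Constructed sample Set-Cookie values (not taken from any real application).
PLAIN = "MyCookie1=12345;"
ALREADY_SET = "Mycookie1.app1=123456; domain=app.internal; secure; httponly"

# Unconditional append, as in the single rule from the post: it cannot see
# attributes the application already set, so they end up duplicated.
def naive_append(value):
    return re.sub(r"^(.*)$", r"\1;Secure;HttpOnly", value, count=1)

# Match the whole value only when no "; secure" / "; httponly" attribute
# occurs anywhere in it (negative lookahead tested at every character).
# (?i) makes the test case-insensitive, so "secure" and "Secure" both count.
NO_SECURE = re.compile(r"(?i)^((?:(?!;\s*secure\b).)+)$")
NO_HTTPONLY = re.compile(r"(?i)^((?:(?!;\s*httponly\b).)+)$")
DOMAIN_ATTR = re.compile(r"(?i);\s*domain=[^;]*")
TRAILING = re.compile(r"[;\s]+$")

def harden_set_cookie(value, domain):
    """Apply the edits in a fixed order, one regex substitution per step.

    Back-references are written \\1 here; httpd writes them as $1.
    """
    value = TRAILING.sub("", value)                        # drop dangling ';'
    value = NO_SECURE.sub(r"\1; Secure", value, count=1)     # add if absent
    value = NO_HTTPONLY.sub(r"\1; HttpOnly", value, count=1) # add if absent
    value = DOMAIN_ATTR.sub("", value)                     # remove any Domain
    return f"{value}; Domain={domain}"                     # set exactly one

def attribute_count(value, name):
    """Count how many times an attribute name appears, ignoring case."""
    parts = [p.strip().split("=", 1)[0].lower() for p in value.split(";")[1:]]
    return parts.count(name.lower())

if __name__ == "__main__":
    for sample in (PLAIN, ALREADY_SET):
        print("naive   :", naive_append(sample))
        print("hardened:", harden_set_cookie(sample, "example.com"))
```

Running the hardened function twice on the same value returns the same string, which is the property the duplicate-stripping rules in the post were trying to recover after the fact.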

