httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Kaiser <>
Subject [users@httpd] Secure cookies with mod_usertrack
Date Tue, 14 Feb 2017 19:22:13 GMT

Is there a way to make cookies created by mod_usertrack Secure? We just
upgraded from httpd 2.2.31 to 2.4.23 and now cookies created by
mod_usertrack are no longer secure. We have the line "Header edit
Set-Cookie ^(.*)$ $1;HttpOnly;Secure" in our httpd.conf, that in 2.2 was
setting them to secure, but now in 2.4 doesn't seem to be doing anything?

It seems like the patch for changed the usertrack
hook to use APR_HOOK_REALLY_FIRST instead of APR_HOOK_FIRST, which I'm
guessing is the cause of my problem, but I don't know how to fix the
problem that this change seems to have created.

Alex Kaiser

View raw message