httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Kaiser <alextkai...@gmail.com>
Subject [users@httpd] Secure cookies with mod_usertrack
Date Tue, 14 Feb 2017 19:22:13 GMT
Hello,

Is there a way to make cookies created by mod_usertrack Secure? We just
upgraded from httpd 2.2.31 to 2.4.23 and now cookies created by
mod_usertrack are no longer secure. We have the line "Header edit
Set-Cookie ^(.*)$ $1;HttpOnly;Secure" in our httpd.conf, that in 2.2 was
setting them to secure, but now in 2.4 doesn't seem to be doing anything?

It seems like the patch for
https://bz.apache.org/bugzilla/show_bug.cgi?id=29755 changed the usertrack
hook to use APR_HOOK_REALLY_FIRST instead of APR_HOOK_FIRST, which I'm
guessing is the cause of my problem, but I don't know how to fix the
problem that this change seems to have created.

Thanks,
Alex Kaiser

Mime
View raw message