You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Luigi Bellio <lu...@gmail.com> on 2023/11/14 20:09:10 UTC

RE: Re: Re: [users@httpd] Unable to unset Set-Cookie response header&In-Reply-To=

Hi Rainer,

     I tried also in this way but the "Set-Cookie" response header is 
present.

     I did further tests ... the response header is set also when 
returning static resources, for example

    Set-Cookie:
    7133ee39c88e27dfb06de1e1feafdacd=64ca85231009a6bb674397ffaccb3d14;
    path=/; HttpOnly; Secure; SameSite=None

     can I disable Apache HTTPd cookie generation?

     Thanks for your support,

         Luigi.

On 2023/11/14 15:53:17 Rainer Canavan wrote:
 > On Tue, Nov 14, 2023 at 3:24 PM Luigi Bellio <lu...@gmail.com> wrote:
 > >
 > > Hi Eric,
 > >
 > > thanks for your feedback ... I just tried, nothing is changed ...
 > > moreover as documented the "always" directive should apply to all
 > > response codes not only "on success".
 >
 > You're missing one important issue the documentation raises:
 > https://httpd.apache.org/docs/2.4/mod/mod_headers.html#header
 > "always" and "onsuccess" apply to different sets of headers, therefore it
 > might help if you try duplicating your 'Header unset' line, one with 
*and* one
 > without "always".
 >
 > Rainer
 >
 > ---------------------------------------------------------------------
 > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
 > For additional commands, e-mail: users-help@httpd.apache.org
 >
 >

Re: Re: Re: [users@httpd] Unable to unset Set-Cookie response header&In-Reply-To=

Posted by Eric Covener <co...@gmail.com>.

On Tue, Nov 14, 2023 at 3:11 PM Luigi Bellio <lu...@gmail.com> wrote:
>
> Hi Rainer,
>
>     I tried also in this way but the "Set-Cookie" response header is present.
>
>     I did further tests ... the response header is set also when returning static resources, for example
>
> Set-Cookie: 7133ee39c88e27dfb06de1e1feafdacd=64ca85231009a6bb674397ffaccb3d14; path=/; HttpOnly; Secure; SameSite=None

Maybe something between the test client and Apache explains why you
can't unset it in Apache?

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org