You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Gil Pratte <gi...@gmail.com> on 2011/05/23 21:40:27 UTC

[users@httpd] cookie secure flag

Hello all,

I'm using apache http as a reverse proxy to tomcat. http takes care of the
ssl encryption.

Can anyone enlighten me on how to set the cookie secure flag to true.

thanks in advance,

gilbert

Re: [users@httpd] cookie secure flag

Posted by Mark Brodis <ma...@colorado4x4.net>.

What I have done is do a edit-header to append the "Secure" onto the
Set-Cookie command coming back from the app-container through the web
server.  The header edit command is only available on 2.2 (likely 3.X also),
but not on 2.0.

Example:

Header edit Set-Cookie ^(.*)$ $1;Secure;

-Mark

On Mon, May 23, 2011 at 1:40 PM, Gil Pratte <gi...@gmail.com>wrote:

> Hello all,
>
> I'm using apache http as a reverse proxy to tomcat. http takes care of the
> ssl encryption.
>
> Can anyone enlighten me on how to set the cookie secure flag to true.
>
> thanks in advance,
>
> gilbert
>