secure and httponly cookies

Lucas Rolff lucas at
Mon Mar 7 20:00:48 UTC 2016

Without knowing much about webseal (only simple googling), webseal 
really seems to be a very custom IBM product that does one thing: 
Integrate into Tivoli Access Manager - meaning they've very specific 
features (such as single sign-on) etc.
nginx is a general webserver, it doesn't hook into your backend system, 
usually you proxy some requests to it, or serve some files.

The only way I can think of, is by using LUA to rewrite the Set-Cookie 
headers, but it's not really a nice solution.

krishna at wrote:
> Thanks for the response.
> Yes, i understand that. But here they dont create a secure or httponly
> cookie in the backend (webseal/ibm portal).
> Earlier we were using ibm http server (IHS) and were adding these flags in
> the web server itself.
> Now we are trying to replace IHS with nginx but not able to accomplish the
> same here.
> Posted at Nginx Forum:,265137,265140#msg-265140
> _______________________________________________
> nginx mailing list
> nginx at

More information about the nginx mailing list