secure and httponly cookies

Aapo Talvensaari aapo.talvensaari at
Tue Mar 8 07:34:06 UTC 2016

On Tuesday, 8 March 2016, Krishna Kumar K K <krishna at> wrote:

> I am able to modify the set-cookie header from the server to flag it
> secure. I am trying to do the same in the request header as well.

Those flags are instructions to client. They don't have meaning on request
headers. Only on response headers.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the nginx mailing list