Help with securing "route" cookie

Francis Daly francis at
Mon Nov 21 23:57:57 UTC 2016

On Mon, Nov 21, 2016 at 05:27:40PM -0500, hheiko wrote:

Hi there,

> My cookie from the sticky modules comes flagged as unsecure,  I can delete
> it and close the browser, no change.
> You can check it out at and then check the
> "route" cookie.

$ curl -s -i | grep -i '^set-cookie:\|^date:'
Date: Mon, 21 Nov 2016 23:49:01 GMT
Set-Cookie: route=0; Expires=Mon, 21-Nov-2016 23:54:01 GMT; Path=/

That suggests that the effective configuration you have is

  sticky expires=5m;

If your actual configuration is something different, then it may be
worth checking module and server versions for compatibility, or confirming
that the config you think is running is the config that is running.

Who knows; maybe there is a problem that can be fixed in the module.

Francis Daly        francis at

More information about the nginx mailing list