How to check the existence of a http-only secure cookie
Francis Daly
francis at daoine.org
Wed Feb 20 22:22:18 UTC 2013
On Wed, Feb 20, 2013 at 05:10:26PM -0500, mrtn wrote:
> I have a http-only and secure (ssl) cookie, and I want nginx to check
> whether this cookie exists in a request, if not, reject it by serving a 404
> page. This is just a preliminary check, so I don't care about the actual
> value in the cookie.
>
> So far I've tried this: if ($http_cookie !~* "cookie_name=[.]+") { return
> 404; } in a location directive, but despite the cookie is contained in the
> requests, 404 is returned. What should be corrected here? Thanks!
Does it pass if the cookie value starts with a dot?
Every character in the regex means something. "." probably doesn't mean
what you think it means here.
Omit the [] and it might work for you. Or you could just test
$cookie_cookie_name directly -- does it equal the empty string? If not,
it has a value.
(This doesn't actually check for http-only or secure, but you probably
know that already.)
f
--
Francis Daly francis at daoine.org
More information about the nginx
mailing list