How to check the existence of a http-only secure cookie

Valentin V. Bartenev vbart at nginx.com
Tue Mar 12 07:01:29 UTC 2013


On Tuesday 12 March 2013 01:54:01 kalpesh.patel at glgroup.com wrote:
> http-only and secure are directives intended for browser. If the browser
> doesn't detect HTTP proto for  http-only setting and SSL for secure setting
> then browser will drop the cookie and will never make it to the web server.
> 

Thank you, I know what "HttpOnly" and "Secure" are. But, please, note that
these attributes are sent via Set-Cookie header from a web-server *response*,
while the question was:

 > to check if a given a cookie is present and it is http-only and secure,
 > otherwise, reject the request with a 404".

There's no way since they do not present in requests.

  wbr, Valentin V. Bartenev

--
http://nginx.org/en/donation.html





More information about the nginx mailing list