secure and httponly cookies

Krishna Kumar K K krishna at
Mon Mar 7 21:50:00 UTC 2016

I have tried exactly the same as in this page:-

proxy_cookie_path / "/; secure; HttpOnly";

it sets the flags on the cookie in the response header, but when I refresh the page, it is sending the cookies in the requests header without these flags, it just resets it.


-----Original Message-----
From: nginx [mailto:nginx-bounces at] On Behalf Of Aleksandar Lazic
Sent: Monday, March 07, 2016 1:16 PM
To: nginx at
Subject: Re: secure and httponly cookies


Am 07-03-2016 21:15, schrieb krishna at
> Here, nginx is proxy passing the requests to webseal and webseal sends 
> the response with cookies.
> We are trying to rewrite this cookie headers.

Please can you show us how you have tried to do this.

As you can see on this pages there should be a option with 'plain' nginx

Please can you also post the output of nginx -V and the config.

Cheers Aleks

> Could you tell me more about LUA or some links where i can read about 
> it?
> Posted at Nginx Forum:
> ead.php-3F2-2C265137-2C265142-23msg-2D265142&d=CwICAg&c=IL_XqQWOjubgfq
> INi2jTzg&r=PZ7-DbptEeW_9SeYl3U87b-UoRqXIcJD3kzHs3AtV7E&m=6gm5ZW2zS0Osq
> HDgC0ZQdRy2r648aRPQq1pCVy1H4sA&s=Mv5hguz8jSa78zlUxgzcU4OCcKCRtqjhKZ_xl
> wesMOA&e=
> _______________________________________________
> nginx mailing list
> nginx at
> mailman_listinfo_nginx&d=CwICAg&c=IL_XqQWOjubgfqINi2jTzg&r=PZ7-DbptEeW
> _9SeYl3U87b-UoRqXIcJD3kzHs3AtV7E&m=6gm5ZW2zS0OsqHDgC0ZQdRy2r648aRPQq1p
> CVy1H4sA&s=AFoUlENMfmYahoSjjMns5RW3FemZeDlb6xodRGyXtmA&e=

nginx mailing list
nginx at 

More information about the nginx mailing list