secure and httponly cookies

Krishna Kumar K K krishna at Brocade.com
Mon Mar 7 21:50:00 UTC 2016


I have tried exactly the same as in this page:-

proxy_cookie_path / "/; secure; HttpOnly";

it sets the flags on the cookie in the response header, but when I refresh the page, it is sending the cookies in the requests header without these flags, it just resets it.

Thanks,
Krishna

-----Original Message-----
From: nginx [mailto:nginx-bounces at nginx.org] On Behalf Of Aleksandar Lazic
Sent: Monday, March 07, 2016 1:16 PM
To: nginx at nginx.org
Subject: Re: secure and httponly cookies

Hi.

Am 07-03-2016 21:15, schrieb krishna at brocade.com:
> Here, nginx is proxy passing the requests to webseal and webseal sends 
> the response with cookies.
> We are trying to rewrite this cookie headers.

Please can you show us how you have tried to do this.

As you can see on this pages there should be a option with 'plain' nginx
;-)

https://urldefense.proofpoint.com/v2/url?u=http-3A__serverfault.com_questions_268633_controlling-2Dnginx-2Dproxy-2Dtarget-2Dusing-2Da-2Dcookie&d=CwICAg&c=IL_XqQWOjubgfqINi2jTzg&r=PZ7-DbptEeW_9SeYl3U87b-UoRqXIcJD3kzHs3AtV7E&m=6gm5ZW2zS0OsqHDgC0ZQdRy2r648aRPQq1pCVy1H4sA&s=RUz0YUGoSUkE6lu5tJ39Q6wGT4OOTv5_pHDdBeUYXs8&e=
https://urldefense.proofpoint.com/v2/url?u=https-3A__maximilian-2Dboehm.com_hp2134_NGINX-2Das-2DProxy-2DRewrite-2DSet-2DCookie-2Dto-2DSecure-2Dand-2DHttpOnly.htm&d=CwICAg&c=IL_XqQWOjubgfqINi2jTzg&r=PZ7-DbptEeW_9SeYl3U87b-UoRqXIcJD3kzHs3AtV7E&m=6gm5ZW2zS0OsqHDgC0ZQdRy2r648aRPQq1pCVy1H4sA&s=yaYJMYFzaQG_Jx8xt2eDryBca7PrrSJCMoxoMwcR5xQ&e= 

Please can you also post the output of nginx -V and the config.

Cheers Aleks

> Could you tell me more about LUA or some links where i can read about 
> it?
> 
> Posted at Nginx Forum:
> https://urldefense.proofpoint.com/v2/url?u=https-3A__forum.nginx.org_r
> ead.php-3F2-2C265137-2C265142-23msg-2D265142&d=CwICAg&c=IL_XqQWOjubgfq
> INi2jTzg&r=PZ7-DbptEeW_9SeYl3U87b-UoRqXIcJD3kzHs3AtV7E&m=6gm5ZW2zS0Osq
> HDgC0ZQdRy2r648aRPQq1pCVy1H4sA&s=Mv5hguz8jSa78zlUxgzcU4OCcKCRtqjhKZ_xl
> wesMOA&e=
> 
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> https://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.nginx.org_
> mailman_listinfo_nginx&d=CwICAg&c=IL_XqQWOjubgfqINi2jTzg&r=PZ7-DbptEeW
> _9SeYl3U87b-UoRqXIcJD3kzHs3AtV7E&m=6gm5ZW2zS0OsqHDgC0ZQdRy2r648aRPQq1p
> CVy1H4sA&s=AFoUlENMfmYahoSjjMns5RW3FemZeDlb6xodRGyXtmA&e=

_______________________________________________
nginx mailing list
nginx at nginx.org
https://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.nginx.org_mailman_listinfo_nginx&d=CwICAg&c=IL_XqQWOjubgfqINi2jTzg&r=PZ7-DbptEeW_9SeYl3U87b-UoRqXIcJD3kzHs3AtV7E&m=6gm5ZW2zS0OsqHDgC0ZQdRy2r648aRPQq1pCVy1H4sA&s=AFoUlENMfmYahoSjjMns5RW3FemZeDlb6xodRGyXtmA&e= 



More information about the nginx mailing list