secure and httponly cookies
Francis Daly
francis at daoine.org
Mon Mar 7 22:57:05 UTC 2016
On Mon, Mar 07, 2016 at 09:50:00PM +0000, Krishna Kumar K K wrote:
Hi there,
> I have tried exactly the same as in this page:-
>
> proxy_cookie_path / "/; secure; HttpOnly";
>
> it sets the flags on the cookie in the response header, but when I refresh the page, it is sending the cookies in the requests header without these flags, it just resets it.
That sounds like it is doing exactly what it should, no?
Flags are sent by the server in Set-Cookie response headers. Cookies
are sent by the client (or not) in Cookie request headers.
What behaviour do you want that you are not seeing?
f
--
Francis Daly francis at daoine.org
More information about the nginx
mailing list