secure and httponly cookies
Krishna Kumar K K
krishna at Brocade.com
Tue Mar 8 07:44:59 UTC 2016
Thing is its failing in the vulnerability scan (nexpose tool is used) saying cookie is not secure or httponly.
From: nginx [mailto:nginx-bounces at nginx.org] On Behalf Of Aapo Talvensaari
Sent: Monday, March 07, 2016 11:34 PM
To: nginx at nginx.org
Subject: Re: secure and httponly cookies
On Tuesday, 8 March 2016, Krishna Kumar K K <krishna at brocade.com<mailto:krishna at brocade.com>> wrote:
I am able to modify the set-cookie header from the server to flag it secure. I am trying to do the same in the request header as well.
Those flags are instructions to client. They don't have meaning on request headers. Only on response headers.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the nginx