Help with securing "route" cookie
Francis Daly
francis at daoine.org
Mon Nov 21 23:57:57 UTC 2016
On Mon, Nov 21, 2016 at 05:27:40PM -0500, hheiko wrote:
Hi there,
> My cookie from the sticky modules comes flagged as unsecure, I can delete
> it and close the browser, no change.
> You can check it out at https://wahl.hannover-stadt.de and then check the
> "route" cookie.
$ curl -s -i https://wahl.hannover-stadt.de | grep -i '^set-cookie:\|^date:'
Date: Mon, 21 Nov 2016 23:49:01 GMT
Set-Cookie: route=0; Expires=Mon, 21-Nov-2016 23:54:01 GMT; Path=/
That suggests that the effective configuration you have is
sticky expires=5m;
If your actual configuration is something different, then it may be
worth checking module and server versions for compatibility, or confirming
that the config you think is running is the config that is running.
Who knows; maybe there is a problem that can be fixed in the module.
f
--
Francis Daly francis at daoine.org
More information about the nginx
mailing list