Cookie Does Not Contain The "secure" Attribute

 
Ranch Hand
Posts: 36

We have to get the secure tag like this. We added a script in httpd.conf but it still doesn't show. We tried lots of script combinations. One of them did it, but this time Apache didn't start. Any suggestion would be nice.
(By the way, mod_header exists and is working.)
I tried these scripts one by one.

#Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
#Header set Set-Cookie HttpOnly;Secure   <-- only this one works, but when we activated it, the site login patch doesn't appear (the login patch has to come)
#Header always edit Set-Cookie (.*) "$1; HTTPOnly; Secure"
#Header always edit Set-Cookie "(?i)^((?:(?!;\s?HttpOnly).)+)$" "$1; HttpOnly"
#Header always edit Set-Cookie "(?i)^((?:(?!;\s?secure).)+)$" "$1; secure"


Our server result:

 
Saloon Keeper
Posts: 23411
For those who are confused, this question references Apache httpd server, not Apache Tomcat.


Here's a good document on the http only attribute:

https://www.owasp.org/index.php/HttpOnly

And on the "secure" attribute:

https://www.owasp.org/index.php/SecureFlag

What you are calling "scripts", I believe are actually mod_header transformation rules. I recommend that you wrap Code tags (the message editor has a Code button) around your sample text so that the message display formatter doesn't make them unreadable. Also, please paste actual text (again, using Code tags), not screen shots. It will help people read the message easier.

Beyond that, you seem to be saying that it works except for something called the "site login patch". I don't know what that is, so I can't help on that.
 
dylan payne
Ranch Hand
Posts: 36

Hey Tim,
I wrote the above combinations but it didn't work. We can't intervene on the code side. We are just managing these servers. We have to do it; it's a demand of our customer.
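
Added example (not part of the original thread, and not Apache code): a Python model of what the rule styles from the first post do to a Set-Cookie value, with the negative-lookahead patterns written in their usual `(?:(?!...).)+` form. The sample cookie, the function names and the use of Python's `re` in place of Apache's regex engine are assumptions made for illustration.

```python
import re

# Constructed sample: a session cookie as a backend application might emit it.
SAMPLE = "JSESSIONID=abc123; Path=/"

def header_set(_old_value, new_value):
    """Model of `Header set Set-Cookie <new_value>`: the old value is discarded."""
    return new_value

def header_edit(value, pattern, replacement):
    """Model of `Header edit`: one regex substitution on the header value.
    Apache's $1 backreference becomes \\1 for Python's re module."""
    return re.sub(pattern, replacement.replace("$1", r"\1"), value, count=1)

def cookie_pair(value):
    """The name=value part, which is what the browser sends back."""
    return value.split(";")[0].strip()

def has_flag(value, flag):
    """True if `flag` is one of the cookie's attributes (case-insensitive)."""
    return flag.lower() in [a.strip().lower() for a in value.split(";")[1:]]

# Rule styles from the first post, as (pattern, replacement) pairs.
UNCONDITIONAL = (r"^(.*)$", "$1;HttpOnly;Secure")
ADD_HTTPONLY = (r"(?i)^((?:(?!;\s?HttpOnly).)+)$", "$1; HttpOnly")
ADD_SECURE = (r"(?i)^((?:(?!;\s?secure).)+)$", "$1; secure")

def harden(value):
    """Append each flag only when the cookie does not already carry it."""
    return header_edit(header_edit(value, *ADD_HTTPONLY), *ADD_SECURE)

if __name__ == "__main__":
    # `Header set` yields a header with the flags but no session cookie,
    # which is consistent with a scan passing while login breaks.
    print("set       :", header_set(SAMPLE, "HttpOnly;Secure"))
    # The unconditional edit keeps the cookie but stacks flags when applied twice.
    once = header_edit(SAMPLE, *UNCONDITIONAL)
    print("edit x1   :", once)
    print("edit x2   :", header_edit(once, *UNCONDITIONAL))
    # The lookahead rules keep the cookie and are safe to apply repeatedly.
    print("harden x1 :", harden(SAMPLE))
    print("harden x2 :", harden(harden(SAMPLE)))
```

The model covers only the string rewriting; on a real server, whether a rule sees the application's cookie also depends on where the cookie is generated and on the `always` condition.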
 