Hello, Is there a way to make cookies created by mod_usertrack Secure? We just upgraded from httpd 2.2.31 to 2.4.23 and now cookies created by mod_usertrack are no longer secure. We have the line "Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure" in our httpd.conf, that in 2.2 was setting them to secure, but now in 2.4 doesn't seem to be doing anything?
It seems like the patch for https://bz.apache.org/bugzilla/show_bug.cgi?id=29755 changed the usertrack hook to use APR_HOOK_REALLY_FIRST instead of APR_HOOK_FIRST, which I'm guessing is the cause of my problem, but I don't know how to fix the problem that this change seems to have created. Thanks, Alex Kaiser