Hi!

I am using form-based authentication and have enabled a session cookie to store the 
user session with username and password as below.
I am trying to set the httponly flag for only the "session" cookie. Please help me solve 
this with a configuration in Apache version 2.4.25.

  AuthType form
  AuthName "TEST"
  AuthUserFile /user/passwords
  AuthGroupFile /user/groups
  AuthFormLoginRequiredLocation /login/login.html
  AuthFormFakeBasicAuth On
  Session On
  SessionCryptoPassphrase secret
  SessionCookieName session path=/;httponly;secure;
  Require valid-user


Please note: I don't want to set the httponly flag for other cookies. I tried 
the below, but it enables the httponly flag for all cookies while browsing the 
webpage:

<IfModule headers_module>
  Header edit Set-Cookie "(?i)^((?:(?!;\s?secure).)+)$" "$1; secure"
  Header edit Set-Cookie "(?i)^((?:(?!;\s?HttpOnly).)+)$" "$1; HttpOnly"

Or

  Header edit Set-Cookie ^(.*)$ $1;HttpOnly;secure
</IfModule>

Regards,
Sathish Vijayan
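
Added example (not part of the original message and not Apache project code): the behaviour described above depends on the regular expression handed to Header edit, so this Python sketch runs the message's catch-all pattern and a hypothetical name-scoped variant over constructed Set-Cookie values to show which cookies each one changes. The scoped pattern, the helper names and the sample cookies are assumptions, and Python's re module stands in for Apache's regex engine.

```python
import re

# The catch-all pattern from the message: matches any cookie lacking HttpOnly.
UNSCOPED = re.compile(r"(?i)^((?:(?!;\s?HttpOnly).)+)$")

# Hypothetical name-scoped variant (an assumption, not from the message):
# matches only a cookie literally named "session" that lacks HttpOnly.
# In Header edit form this would be the same regex with "$1; HttpOnly".
SCOPED = re.compile(r"^(session=(?:(?!;\s?(?i:HttpOnly)).)+)$")

REPLACEMENT = r"\g<1>; HttpOnly"  # Python spelling of "$1; HttpOnly"


def header_edit(pattern, values, replacement=REPLACEMENT):
    """Mimic 'Header edit Set-Cookie <pattern> <replacement>' on each value.

    Values that do not match the pattern pass through unchanged.
    """
    return [pattern.sub(replacement, v, count=1) for v in values]


def has_httponly(value):
    """True if the Set-Cookie value carries an HttpOnly attribute."""
    attrs = [a.strip().lower() for a in value.split(";")[1:]]
    return "httponly" in attrs


def cookies_with_httponly(values):
    """Return the cookie names that end up flagged HttpOnly."""
    return [v.split("=", 1)[0] for v in values if has_httponly(v)]


# Constructed Set-Cookie values, for illustration only.
SAMPLE = [
    "session=abc123; path=/",             # target cookie, flag missing
    "session=abc123;path=/;httponly;secure;",  # target cookie, flag present
    "lang=sv; path=/",                    # unrelated cookie
    "sessionid=zzz; path=/",              # similar name, must not match
]

if __name__ == "__main__":
    for label, pattern in (("unscoped", UNSCOPED), ("scoped", SCOPED)):
        print(label)
        for before, after in zip(SAMPLE, header_edit(pattern, SAMPLE)):
            print("  %-45s -> %s" % (before, after))
```
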


