Hi! I am using form-based authentication and enabled a session cookie to store the user session with username and password as below. I am trying to set the httponly flag for only the "session" cookie. Please help to solve this with a configuration in Apache version 2.4.25.

    AuthType form
    AuthName "TEST"
    AuthUserFile /user/passwords
    AuthGroupFile /user/groups
    AuthFormLoginRequiredLocation /login/login.html
    AuthFormFakeBasicAuth On
    Session On
    SessionCryptoPassphrase secret
    SessionCookieName session path=/;httponly;secure;
    Require valid-user

Developer tool: [screenshot attachment not included]

Please note: I don't want to set the httponly flag for other cookies. I tried the below, but it enables the httponly flag for all cookies while browsing the webpage:

    <IfModule headers_module>
    Header edit Set-Cookie "(?i)^((?:(?!;\s?secure).)+)$" "$1; secure"
    Header edit Set-Cookie "(?i)^((?:(?!;\s?HttpOnly).)+)$" "$1; HttpOnly"
    # Or
    Header edit Set-Cookie ^(.*)$ $1;HttpOnly;secure
    </IfModule>

Regards,
Sathish Vijayan
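
An added example, not part of the original message: a small Python harness that applies the HttpOnly pattern quoted above, and a variant anchored on the cookie name "session", to a few constructed Set-Cookie values to show which cookies each one rewrites. The names SCOPED_PATTERN, header_edit and changed_cookies and the sample cookies are assumptions made for this illustration.

```python
import re

# The catch-all pattern quoted in the post, and a variant anchored on the
# cookie name. (?i:...) keeps the attribute test case-insensitive while the
# cookie name itself stays case-sensitive.
PAGE_PATTERN = r"(?i)^((?:(?!;\s?HttpOnly).)+)$"
SCOPED_PATTERN = r"^(session=(?:(?!;\s?(?i:HttpOnly)).)+)$"
REPLACEMENT = "$1; HttpOnly"

# Constructed Set-Cookie values, not captured from a real server.
SAMPLE = [
    "session=abc123; path=/; secure",
    "session=abc123; path=/; httponly; secure",
    "session_id=xyz; path=/",
    "theme=dark; path=/",
]

def header_edit(pattern, replacement, values):
    """Approximate `Header edit Set-Cookie <pattern> <replacement>`:
    one search-and-replace per Set-Cookie value."""
    rx = re.compile(pattern)
    py_repl = re.sub(r"\$(\d)", r"\\g<\1>", replacement)  # $1 -> \g<1>
    return [rx.sub(py_repl, v, count=1) for v in values]

def changed_cookies(pattern, values=SAMPLE):
    """Names of the cookies whose header the edit would rewrite."""
    after = header_edit(pattern, REPLACEMENT, values)
    return [b.split("=", 1)[0] for b, a in zip(values, after) if a != b]

if __name__ == "__main__":
    for label, pat in (("page", PAGE_PATTERN), ("scoped", SCOPED_PATTERN)):
        print(label, "->", changed_cookies(pat))
        for line in header_edit(pat, REPLACEMENT, SAMPLE):
            print("   Set-Cookie:", line)
```

The scoped pattern can be used as the first argument of a Header edit Set-Cookie directive with "$1; HttpOnly" as the replacement. This harness only checks which cookie names the regex selects; whether mod_headers sees the cookie that mod_session emits on a given server is not tested here.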