Try adapting the commented example here for samesite: https://github.com/covener/apache-samesite/blob/master/samesite-global.conf
On Sat, Oct 24, 2020 at 10:01 PM Sathish Vijayan <sathish.vija...@tre.se> wrote:
> Hi!
>
> I am using form based authentication and enabled a session cookie to store
> the user session with username and password as below.
>
> And trying to set httponly flag for only “session” cookie. Please help to
> solve this with a configuration in apache 2.4.25 version.
>
> AuthType form
> AuthName "TEST"
> AuthUserFile /user/passwords
> AuthGroupFile /user/groups
> AuthFormLoginRequiredLocation /login/login.html
> AuthFormFakeBasicAuth On
> Session On
> SessionCryptoPassphrase secret
> SessionCookieName session path=/;httponly;secure;
> Require valid-user
>
> Developer tool:
>
> Please note: I don’t want to set the httponly flag for other cookies. I
> tried the below but it enables the httponly flag for all cookies, while
> browsing the webpage:
>
> <IfModule headers_module>
> Header edit Set-Cookie "(?i)^((?:(?!;\s?secure).)+)$" "$1; secure"
> Header edit Set-Cookie "(?i)^((?:(?!;\s?HttpOnly).)+)$" "$1; HttpOnly"
>
> Or
>
> Header edit Set-Cookie ^(.*)$ $1;HttpOnly;secure
> </IfModule>
>
> Regards,
> Sathish Vijayan
>
> This e-mail may contain personal data about you as sender or recipient,
> as well as about other persons. Information on how we at Tre process
> personal data can be found at www.tre.se/gdpr.

--
Eric Covener
cove...@gmail.com
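An added example, not part of the original thread and not taken from the linked file: one way to scope the `Header edit` rule from the question so that it only touches the cookie named `session`. The cookie name comes from the `SessionCookieName` line above; repeating the rule for the `always` header table is an assumption made here so the edit applies wherever the cookie is emitted.

```apache
<IfModule headers_module>
    # Broad rule from the question, kept for comparison: it matches every
    # Set-Cookie value that lacks HttpOnly, so all cookies get the flag.
    # Header edit Set-Cookie "(?i)^((?:(?!;\s?HttpOnly).)+)$" "$1; HttpOnly"

    # Scoped rule: the value must begin with "session=" (the name given to
    # SessionCookieName; assumed here). The name is matched case-sensitively;
    # only the attribute check inside (?i: ... ) ignores case.
    # The negative lookahead skips values that already carry HttpOnly, so the
    # rule never appends the flag twice.
    Header edit        Set-Cookie "^(session=(?i:(?:(?!;\s?HttpOnly).)*))$" "$1; HttpOnly"

    # Same edit on the "always" header table, which holds headers for
    # error and internally generated responses.
    Header always edit Set-Cookie "^(session=(?i:(?:(?!;\s?HttpOnly).)*))$" "$1; HttpOnly"
</IfModule>
```

Values such as `lang=en; path=/` or `mysession=abc` do not start with `session=` at the anchor, so they pass through unchanged.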