Add "secure" in cookie by httpd server

Posted by Abhishek on Server Fault See other posts from Server Fault or by Abhishek
Published on 2012-03-31T05:00:16Z Indexed on 2012/03/31 5:31 UTC
Read the original article Hit count: 250

Filed under:

ssl

|

httpd

|

cookie

How do I have to configure my httpd server to add "Secure" in the cookies? I tried the one in the below link,

http://blog.modsecurity.org/2008/12/fixing-both-missing-httponly-and-secure-cookie-flags.html

but this did not seem to be working. I inspected the cookie via firebug and found that the cookies have "HttpOnly" but not "Secure". I double checked the configurations and they the same as mentioned in the link.

I also noticed that the server response time goes bit high when doing it by mod_security. Is there a better way to do it?

Any ideas or pointers to configurations would be helpful

© Server Fault or respective owner

Related posts about ssl

Plesk SSL Certificate (Default cert when SSL enabled, CORRECT cert when SSL is disabled)

as seen on Server Fault - Search for 'Server Fault'
I'm running Plesk 8.6.0: I have an SSL cert installed through Plesk's admin interface. But I have a bit of an issue: When I enabled SSL for the site, and selected my cert, then restart httpd, Plesk defaults to using my self-signed default certificate. Conversely, when I disable SSL support for the… >>> More
apache renew ssl not working [on hold]

as seen on Server Fault - Search for 'Server Fault'
Downloaded a new ssl cert from go daddy and installed the cert on apache2 server put the cert in /etc/ssl/certs/ folder put the gd_bundle.crt in the /etc/ssl/ folder private key is in /etc/ssl/private/private.key I just replaced the original files with the new files, did not replace the private… >>> More
Cant connect to mysql using self signed SSL certificate

as seen on Server Fault - Search for 'Server Fault'
After creating a self-signed SSL certificate, I have configured my remote mysqld to use them (and ssl is enabled) I ssh into my remote server, and try connecting to its own mysqld using ssl (mysql server is 5.5.25).. ~> mysql -u <user> -p --ssl=1 --ssl-cert=client.cert --ssl-key=client… >>> More
How to log invalid client SSL certificate in SSL

as seen on Server Fault - Search for 'Server Fault'
I have a IIS web site which requires client certificate. I have turned off CRL checking. The client is unable to access the web site - he gets 403.17 (certificate expired) error. I would like to log the certificate he is using, becaue I think he is using the wrong certificate. Is there a way to… >>> More
Mixing SSL and non-SSL content in an Apache2 virtual host

as seen on Server Fault - Search for 'Server Fault'
I have a (hopefully) common scenario for one of my sites that I just can't seem to figure out how to deploy correctly. I have the following site and directories for example.com: These need to require SSL: /var/www/example.com/admin /var/www/example.com/order These need to be non-SSL: /var/www/example… >>> More

Related posts about httpd

Web site not responding

as seen on Super User - Search for 'Super User'
I have website working fine before. But now its not able to connect to the server(I believe that is the problem). But its strange that the message not able to connect to the server is not coming and its keep connecting... for infinite time. Here is the screenshot. Here are some of the useful… >>> More
Httpd + Expect Script Fail (no more ptys) if httpd is not run through cli

as seen on Server Fault - Search for 'Server Fault'
I have a CentOS virtual server through Vmware. The server runs an httpd daemon which serves an php page with a form. The users complete the form, and by clicking submit the php page calls an expect scripts. If i run the httpd throught the default init.d script i get a "no more ptys" error, but if… >>> More
Difference between httpd and httpd-devel package on CentOS 5

as seen on Server Fault - Search for 'Server Fault'
I'm trying to update PHP 5.1 to 5.3 on CentOS 5.10. On the server, httpd-devel is installed but trying to install php53 on CentOS 5, it wants to install httpd. This is a production server so I need to know if it's safe to install httpd when httpd-devel is already installed. The php package (5.1.6)… >>> More
Redirect particular hostname from https to httpd in httpd/apache2

as seen on Server Fault - Search for 'Server Fault'
I have a webserver that has an ssl certificate applied to a subdomain https://shop.mydomain.com. I also have the hostname http://mydomain.com that has no ssl certificate. When invoking https://mydomain.com, browsers issue a warning that a certificate could not be verified because the webserver is… >>> More
Optimizing apache server load

as seen on Server Fault - Search for 'Server Fault'
We have an issue with a dedicated server load. We have 16 processors with 4 core @ 2.40GHz, if I understood correctly cat /proc/cpuinfo output. Unfortunately, I don't have access to free -m or vmstat. But from top I got that we have 24 GB. And snapshot from top about processes: As far as I see… >>> More