Add "secure" in cookie by httpd server

Posted by Abhishek on Server Fault See other posts from Server Fault or by Abhishek
Published on 2012-03-31T05:00:16Z Indexed on 2012/03/31 5:31 UTC
Read the original article Hit count: 253

Filed under:
|
|

How do I have to configure my httpd server to add "Secure" in the cookies? I tried the one in the below link,

http://blog.modsecurity.org/2008/12/fixing-both-missing-httponly-and-secure-cookie-flags.html

but this did not seem to be working. I inspected the cookie via firebug and found that the cookies have "HttpOnly" but not "Secure". I double checked the configurations and they the same as mentioned in the link.

I also noticed that the server response time goes bit high when doing it by mod_security. Is there a better way to do it?

Any ideas or pointers to configurations would be helpful

© Server Fault or respective owner

Related posts about ssl

Related posts about httpd