Project

General

Profile

Actions
Copy link

Feature #2795

closed

mod_usertrack should have an option to set the 'Secure' and 'HttpOnly' flags on the cookie

Added by errietta over 7 years ago. Updated over 7 years ago.

Status:
Fixed
Priority:
Normal
Category:
mod_usertrack
Target version:
1.4.46
ASK QUESTIONS IN Forums:

Description

Currently the cookie set by the mod_usertrack module does not have the secure flag or httponly flag on. There should be an option for the cookie to be set with these flags on.
E.g.

Set-Cookie: cookie_name; Path=/; Expires=Wed, 13 Jan 2021 22:23:01 GMT; Secure; HttpOnly

Actions
Copy link
 #1

Updated by gstrauss over 7 years ago

  • Category set to mod_usertrack
  • Status changed from New to Patch Pending
  • Target version changed from 1.4.x to 1.4.46

untested patch forthcoming, so feedback appreciated

Actions
Copy link
 #2

Updated by gstrauss over 7 years ago

  • Status changed from Patch Pending to Fixed
  • % Done changed from 0 to 100
Actions
Copy link
 #3

Updated by errietta over 7 years ago

gstrauss wrote:

Applied in changeset 8ddb727d5c505ec206446879897f9646e97ff1b3.

Works fine thanks!

errietta@Moltres [2]  ~/lighty % curl -k --head https://localhost:8081/                                                                                                                                       8 2254 20:34:56 Mon 27.02.2017
HTTP/1.1 200 OK
Set-Cookie: TRACKID=85532de0e816b830e1eff4f23fd828c4; Path=/; Version=1;  Max-Age=86400; Secure; HttpOnly

Actions
Copy link

Also available in: Atom