Setting the Secure Flag on Cookies in httpd – Apache

First check whether mod_headers is loaded. If it is not, enable the module:


LoadModule headers_module modules/mod_headers.so

Once the module is loaded, add:

Header edit Set-Cookie ^(.*)$ $1;Secure


Add the above line to your virtual host in httpd.conf/ssl.conf, as per your config.

This adds the Secure flag to your cookies. The flag is set by the application server when it sends a new cookie to the client/user in an HTTP response. It also means that the cookie will not be sent over http; it is sent only via https. This prevents unauthorized access to cookie data.
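To confirm the directive is taking effect, the following added example (not from the original post) checks captured response headers for Set-Cookie lines that lack the Secure attribute and mimics the Header edit rule on them. The sample headers, cookie names and function names are constructed for illustration.

```python
import re

# Constructed sample: raw response headers as they might be saved from an
# HTTPS response. Cookie names and values are made up for this example.
SAMPLE_HEADERS = """\
HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: JSESSIONID=abc123; Path=/; HttpOnly
Set-Cookie: theme=dark; Path=/;Secure
Set-Cookie: insecure_note=secure-looking-value; Path=/
"""

def set_cookie_values(raw_headers):
    """Return the value of every Set-Cookie header (names are case-insensitive)."""
    values = []
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "set-cookie":
            values.append(value.strip())
    return values

def has_secure(cookie_value):
    """True if a Secure attribute is present, not merely 'secure' in the value."""
    attributes = cookie_value.split(";")[1:]  # first part is name=value
    return any(attr.strip().lower() == "secure" for attr in attributes)

def apply_header_edit(cookie_value):
    """Mimic `Header edit Set-Cookie ^(.*)$ $1;Secure` on one header value.

    The pattern matches any value, so the flag is appended even when the
    application already set it (the result then carries Secure twice).
    """
    return re.sub(r"^(.*)$", r"\1;Secure", cookie_value, count=1)

def cookies_missing_secure(raw_headers):
    """Names of cookies whose Set-Cookie header lacks the Secure attribute."""
    return [v.split("=", 1)[0] for v in set_cookie_values(raw_headers)
            if not has_secure(v)]

if __name__ == "__main__":
    print("missing Secure before edit:", cookies_missing_secure(SAMPLE_HEADERS))
    for value in set_cookie_values(SAMPLE_HEADERS):
        print("after edit:", apply_header_edit(value))
```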

This can be done via code in Java or at the Apache/httpd config level.

For more info on code-level changes, click here.

