Setting a Secure Flag to cookie in httpd – Apache

First check if mod_headers is loaded. Else enable that module

LoadModule headers_module modules/

Once the module is loaded .

Header edit Set-Cookie ^(.*)$ $1;Secure

Add above line to your virtual host in httpd.conf/ssl.conf as per your config

What this does is it adds a secure flag to your cookie. This flag is set by application server when sending
a new cookie to client/user when sending http response.This also mean that server will not send cookie over http. It sends only via https .This prevents unauthorized access to cookie data

This can be done via code in java or can be done @ apache/httpd config level.

Here is more info on code level changes click here..!!

No comments: