http-only and secure are directives intended for browser. If the browser doesn't detect HTTP proto for http-only setting and SSL for secure setting then browser will drop the cookie and will never make it to the web server.
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,236394,237245#msg-237245 _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
