On Tuesday 12 March 2013 01:54:01 kalpesh.pa...@glgroup.com wrote: > http-only and secure are directives intended for browser. If the browser > doesn't detect HTTP proto for http-only setting and SSL for secure setting > then browser will drop the cookie and will never make it to the web server. >
Thank you, I know what "HttpOnly" and "Secure" are. But, please, note that these attributes are sent via Set-Cookie header from a web-server *response*, while the question was: > to check if a given a cookie is present and it is http-only and secure, > otherwise, reject the request with a 404". There's no way since they do not present in requests. wbr, Valentin V. Bartenev -- http://nginx.org/en/donation.html _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
